Sponsored by..

Wednesday 14 March 2012

goo.gl/NEQlS link leads to malware

Another case of the goo.gl redirector being used for evil:

From:     Dilip Lalita dklalita1977@yahoo.com
Date:     14 March 2012 09:38
Subject:     Changes in FDIC policy #22666447
Signed by:     yahoo.com

Id 36-4866333-96425034-8-662
< !--KG 19021150 K


HF 22555007 Z

goo.gl/NEQlS leads to m6ttp.burdencrigyll.ru  (multihomed, see below) and then to a malicious payload site at (iPower, US). This URL contains an exploit kit.

The intermediate step is hosted on several servers: (Ukrainian American Joint Venture, Ukraine) (VIPnet, Croatia) (ER-Telecom Holding, Russia) (Galitski Telekommunications, Ukraine) (Yokozunanet, Mongolia) (BSNL Internet, India) (Pakistan Telecommunication Company Limited, Pakistan) (TATA Communications, India) (HINET, Taiwan) (Rostelecom, Russia) (Invitel, Hungary) (Kazakhtelecom, Kazakhstan) (Kazakhtelecom, Kazakhstan) (Rostelecom, Russia) (Alice, Italy) (Intersvyaz-2, Russia) (Open Computer Network, Japan) (Reliance Communication, India) (Bharti Airtel, India)  (Kazakhtelecom, Kazakhstan)

This is a plain list for copy-and-pasting:

No comments: