The so-called invoice attached to this email leads to malware:Date: Thu, 8 Mar 2012 08:06:00 +0100
From: "EDDIE HERRINGTON"
Subject: Re: Inter-company inv. from Aleris International Corp.
Attachments: Invoice_l8004324237.htm
Hallo
Attached the corp. invoice for the period July 2011 til Aug. 2011.
Thanks a lot for supporting this process
EDDIE HERRINGTON
Aleris International Corp.
The malware is on cruikdfoknaofa.ru:8080/images/aublbzdni.php (report here). This domain is multihomed on the following IPs:
78.107.82.98 (Corbina Telecom, Russia)
83.238.208.55 (Netia Telekom, Poland)
95.156.232.102 (Optimate-server, Germany)
111.93.161.226 (Tata Teleservices, India)
125.19.103.198 (Bharti Infotel, India)
190.81.107.70 (Telmex, Peru)
194.85.97.121 (State Technical University of Saint-Petersburg, Russia)
200.169.13.84 (Century Telecom Ltda, Brazil)
202.149.85.37 (Satata Neka Tama, Indonesia)
210.56.23.100 (Commission For Science And Technology, Pakistan)
211.44.250.173 (SK Broadband Co Ltd, Korea)
Plain list:
78.107.82.98
83.238.208.55
95.156.232.102
111.93.161.226
125.19.103.198
190.81.107.70
194.85.97.121
200.169.13.84
202.149.85.37
210.56.23.100
211.44.250.173
No comments:
Post a Comment