Sponsored by..

Thursday 8 March 2012

"Inter-company inv. from Aleris International Corp. " / cruikdfoknaofa.ru

The so-called invoice attached to this email leads to malware:

Date:      Thu, 8 Mar 2012 08:06:00 +0100
Subject:      Re: Inter-company inv. from Aleris International Corp.
Attachments:     Invoice_l8004324237.htm


Attached the corp. invoice for the period July 2011 til Aug. 2011.

Thanks a lot for supporting this process


Aleris International Corp.

The malware is on cruikdfoknaofa.ru:8080/images/aublbzdni.php  (report here). This domain is multihomed on the following IPs: (Corbina Telecom, Russia) (Netia Telekom, Poland) (Optimate-server, Germany) (Tata Teleservices, India) (Bharti Infotel, India) (Telmex, Peru) (State Technical University of Saint-Petersburg, Russia) (Century Telecom Ltda, Brazil) (Satata Neka Tama, Indonesia) (Commission For Science And Technology, Pakistan) (SK Broadband Co Ltd, Korea)
Plain list:

No comments: