Sponsored by..

Thursday 8 March 2012

"Inter-company inv. from Aleris International Corp. " / cruikdfoknaofa.ru

The so-called invoice attached to this email leads to malware:

Date:      Thu, 8 Mar 2012 08:06:00 +0100
From:      "EDDIE HERRINGTON"
Subject:      Re: Inter-company inv. from Aleris International Corp.
Attachments:     Invoice_l8004324237.htm

Hallo



Attached the corp. invoice for the period July 2011 til Aug. 2011.



Thanks a lot for supporting this process



EDDIE HERRINGTON

Aleris International Corp.

The malware is on cruikdfoknaofa.ru:8080/images/aublbzdni.php  (report here). This domain is multihomed on the following IPs:

78.107.82.98 (Corbina Telecom, Russia)
83.238.208.55 (Netia Telekom, Poland)
95.156.232.102 (Optimate-server, Germany)
111.93.161.226 (Tata Teleservices, India)
125.19.103.198 (Bharti Infotel, India)
190.81.107.70 (Telmex, Peru)
194.85.97.121 (State Technical University of Saint-Petersburg, Russia)
200.169.13.84 (Century Telecom Ltda, Brazil)
202.149.85.37 (Satata Neka Tama, Indonesia)
210.56.23.100 (Commission For Science And Technology, Pakistan)
211.44.250.173 (SK Broadband Co Ltd, Korea)
Plain list:
78.107.82.98
83.238.208.55
95.156.232.102
111.93.161.226
125.19.103.198
190.81.107.70
194.85.97.121
200.169.13.84
202.149.85.37
210.56.23.100
211.44.250.173

No comments: