Sponsored by..

Wednesday 14 March 2012

"Scan from a Hewlett-Packard ScanJet" malware / doosdkdkjsjdfo.ru

This old attack again, a malicious email with an attachment leading to doosdkdkjsjdfo.ru

Date:      Wed, 14 Mar 2012 12:31:50 +0530
From:      officejet@victimdomain.com
Subject:      Re: Fwd: Scan from a Hewlett-Packard ScanJet 297552
Attachments:     HP_Scanjet-14-626146.htm

Attached document was scanned and sent

to you using a Hewlett-Packard ScanJet 93988PP.

SENT BY: Teagan
FILETYPE: .HTML [Internet Explorer File]

The malware is on doosdkdkjsjdfo.ru:8080/images/aublbzdni.php, which is multihomed on a subset of the IPs in this other recent attack. A Wepawet report can be found here. (Microlink Latvia Ltd, Latvia) (Kazakhtelecom, Kazakhstan) (Optimate-Server, Germany) (Tata Teleservices, India) (Telekomunikasi, Indonesia) (Bharti Infotel, India) (Telmex, Peru) (Century Telecom Ltda, Brazil) (Commission for Science and Technology, Pakistan) (Sejong Telecom, Korea) (SK Broadband Co Ltd, Korea) (Sakura Internet Inc, Japan)

Plain list for copy-and-pasting:

No comments: