Date: Fri, 9 Mar 2012 05:40:05 +0100
From: "Valentino CONNELLY"
Subject: Scan from a HP Officejet #235612
Attachments: HP_Document_SPK23127.htm
Attached document was scanned and sent
to you using a Hewlett-Packard HP Officejet 2975OF.
Sent: by Valentino
Image(s) : 1
Attachment: HTML [.htm]
Hewlett-Packard Officejet Location: machine location not set
Device: POD866K0PL44119329S
The malware is on cnnvcnsaoljfrut.ru:8080/images/aublbzdni.php (report here), which is multihomed on a familiar-looking list of IP addresses:
78.107.82.98 (Corbina Telecom, Russia)
83.238.208.55 (Netia Telekom, Poland)
95.156.232.102 (Optimate-server, Germany)
111.93.161.226 (Tata Teleservices, India)
125.19.103.198 (Bharti Infotel, India)
190.81.107.70 (Telmex, Peru)
194.85.97.121 (State Technical University of Saint-Petersburg, Russia)
202.149.85.37 (Satata Neka Tama, Indonesia)
210.56.23.100 (Commission For Science And Technology, Pakistan)
211.44.250.173 (SK Broadband Co Ltd, Korea)