Sponsored by..

Monday 12 March 2012

"Scan from a Xerox W. Pro" spam / cjjasjjikooppfkja.ru

A fairly familiar spam with a malicious attachment:

Date:      Mon, 12 Mar 2012 08:32:11 +0100
From:      "KATELYN NEAL"
Subject:      Fwd: Scan from a Xerox W. Pro #0099345
Attachments:     Xerox_Workcentre_03.08_FZ1820.htm

Please open the attached document. It was scanned and sent

to you using a Xerox WorkCentre Pro.

Sent by: Guest
Number of Images: 1
Attachment File Type: .HTML

WorkCentre Pro Location: machine location not set
Device Name: XRX318AA5BSX3515459
The attachment leads to a malicious page at cjjasjjikooppfkja.ru:8080/images/aublbzdni.php. This domain is multihomed at: (Microlink Latvia Ltd, Latvia) (Netia SA, Poland) (Kazakhtelecom, Kazakhstan) (Optimate-Server, Germany) (Tata Teleservices, India) (Telekomunikasi, Indonesia) (Bharti Infotel, India) (Telmex, Peru) (Century Telecom Ltda, Brazil) (Commission for Science and Technology, Pakistan) (Sejong Telecom, Korea) (SK Broadband Co Ltd, Korea) (Sakura Internet Inc, Japan)

Plain list:

Blocking hese IPs would be a good idea.

No comments: