Sponsored by..

Monday 30 April 2012

91.121.84.204 / 64.244.61.40 malware

There's a spam run this morning (probably one of the familiar LinkedIn / Printer / CareerBuilder / Pizza / etc spams) that is trying to direct users to a malicious payload on 91.121.84.204:8080/showthread.php?t=34c79594e8b8ac0f (OVH, France. Wepawet report here) that then also tries to download an additional malware component from 64.244.61.40/rUPYeVt0.exe (cheekyshare.com, US).

Blocking access to these IPs would be prudent.

No comments: