Sponsored by..

Thursday 12 April 2012

Federal Reserve Wire Network spam / vanishingmasers.ru

This spam leads to malware on vanishingmasers.ru:

Date:      Thu, 12 Apr 2012 15:14:41 -0300
From:      "Lidia Polk" [uzbekistanqp39@sterkinekor.com]
Subject:      RE: Wire transfer cancelled

Good afternoon,

Wire transfer was canceled by the other bank.

Rejected transaction:


Wire Transfer Report: View

The Federal Reserve Wire Network

The payload is on vanishingmasers.ru:8080/pages/glavctkoasjtct.php (report here) which is hosted on some familiar looking IP addresses: (Neotel, South Africa) (Microlink, Latvia) (UK2.NET, UK) (Strato AG, Germany) (Free SAS / ProXad, France) (Nexen, France) (Sakura Internet, Japan) (Bharti Infotel, India) (Commission For Science And Technology, Pakistan) (SK Broadband, Korea) (Sakura Internet, Japan)

Plain list for copy-and-pasting:

No comments: