This spam leads to malware on vanishingmasers.ru:Date: Thu, 12 Apr 2012 15:14:41 -0300
From: "Lidia Polk" [uzbekistanqp39@sterkinekor.com]
Subject: RE: Wire transfer cancelled
Good afternoon,
Wire transfer was canceled by the other bank.
Rejected transaction:
FEDWIRE REFERENCE NUMBER: SK9415179747ODP36641K
Wire Transfer Report: View
The Federal Reserve Wire Network
The payload is on vanishingmasers.ru:8080/pages/glavctkoasjtct.php (report here) which is hosted on some familiar looking IP addresses:
41.168.5.140 (Neotel, South Africa)
62.85.27.129 (Microlink, Latvia)
83.170.91.152 (UK2.NET, UK)
85.214.204.32 (Strato AG, Germany)
88.190.22.72 (Free SAS / ProXad, France)
89.31.145.154 (Nexen, France)
112.78.124.115 (Sakura Internet, Japan)
125.19.103.198 (Bharti Infotel, India)
210.56.23.100 (Commission For Science And Technology, Pakistan)
211.44.250.173 (SK Broadband, Korea)
219.94.194.138 (Sakura Internet, Japan)
Plain list for copy-and-pasting:
41.168.5.140
62.85.27.129
83.170.91.152
85.214.204.32
88.190.22.72
89.31.145.154
112.78.124.115
125.19.103.198
210.56.23.100
211.44.250.173
219.94.194.138
No comments:
Post a Comment