Sponsored by..

Wednesday 11 April 2012

Wire Transfer spam / wiskonsintpara.ru

This spam leads to malware on wiskonsintpara.ru:

From:     Marcel Ouellette RaymondKalan@nyc.rr.com
Date:     11 April 2012 13:30
Subject:     Re: Wire Transfer Confirmation (FED REFERENCE 42420PP01)

Dear Bank Account Operator,
WIRE TRANSACTION: WIRE-900098281493111

You can find details in the attached file.(Internet Explorer file)

There's an HTML attachment which attempts to load malicious content from wiskonsintpara.ru:8080/img/?promo=nacha (although this wasn't working when I tested it). This domain is multihomed on a set of IP addresses we have seen a lot of lately and are definitely worth blocking: (AfricaINX, South Africa) (Neotel, South Africa) (Microlink, Latvia) (Free SAS / ProXad, France) (Nexen, France) (Sakura Internet, Japan) (Bharti Infotel, India) (Satata Neka Tama, Indonesia) (Commission For Science And Technology, Pakistan) (Sejong Telecom, Korea) (SK Broadband, Korea) (Sakura Internet, Japan)

Plain list for copy-and-pasting:

No comments: