Date: Fri, 4 May 2012 08:50:52 -0500
From: "Cathryn Small" [USPS_Shipping_Support@usps.com]
Subject: Your USPS shipment postage labels receipt.
Acct #: 0443907
Dear client:
This is an email confirmation for your order of 3 online shipping label(s) with postage. Your credit card will be charged the following amount:
Transaction ID: #1537194
Print Date/Time: 03/15/2012 02:30 PM CST
Postage Amount: $43.70
Credit Card Number: XXXX XXXX XXXX XXXX
Priority Mail Regional Rate Box B # 5153 9371 4727 8289 2238 (Sequence Number 1 of 1)
If you need further information, please log on to www.usps.com/clicknship and go to your Shipping History or visit our Frequently Asked Questions.
You can refund your unused postage labels up to 14 days after the issue date by logging on to your Click-N-Ship Account.
Thank you for choosing the United States Postal Service
Click-N-Ship: The Online Shipping Solution
Click-N-Ship has just made on line shipping with the USPS even better.
New Enhanced International Label and Customs Form: Updated Look and Easy to Use!
* * * * * * * *
This is a post-only message
The malicious payload is an exploit kit at computerpills.net/main.php?page=beb0bb4c8ebd96e5 hosted on 37.59.68.23 (OVH, UK), which is the same server used in this attack. The payload looks to be the same as the one used in this other attack, with a very low detection rate at VirusTotal of just 3/42.
3 comments:
Hi,
I linked to your blog from the @virusbtn account, as I have done in the past. Someone pointed out that you include literal malicious URLs in your posts and, although they are not clickable, someone could 'accidentally' copy/paste them (perhaps because they misunderstand your blog post) and then get infected. Would it be an idea to either hide part of the URL, or display it in such a way that it's very difficult to copy/paste it in a browser?
Thanks - Martijn
Thx. Here URLs are really welcome!
I think to make everyone happy, you should add an iframe leading to a BH EK forcing Java update in silent mode ;)