This fake flight email leads to malware on saprolaunimaxim.ru.From: Simonne Storey [sandy@krishermckay.com]
Subject: Your Flight Order А994284
Dear Customer,
FLIGHT NUMBER A45-342
DATE & TIME / JUNE 27, 2012, 10:140 PM
ARRIVING: NEW YORK JFK
TOTAL PRICE : 456.62 USD
Please download and print out your ticket here:
DOWNLOAD
Amercian Airlines{br[1-5]}
The link hoes to a malicious payload on [donotclick]saprolaunimaxim.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here) hosted on the following IP addresses:
89.108.75.155 (Agava Ltd, Russia)
50.57.43.49 (Slicehost, US)
50.57.88.200 (Slicehost, US)
The following IPs and domains are also connected to this malware and should be considered hostile:
girlsnotcryz.ru
hamlovladivostok.ru
holigaansongeer.ru
paranoiknepjet.ru
piloramamoskow.ru
pistolitnameste.ru
pushkidamki.ru
spbfotomontag.ru
stroby.ru
uzindexation.ru
31.17.189.212
50.57.43.49
50.57.88.200
89.108.75.155
184.106.200.65
187.85.160.106
No comments:
Post a Comment