This fake wire transfer spam leads to malware at forumanarhist.ru:Date: Thu, 19 Jul 2012 02:56:36 -0400
From: CABALLEROFANNYcRU@aol.com
Subject: Fwd: Wire Transfer (9579GQ518)
Attachments: Wire_AMBA01-Rejected.htm
Dear Operator,
WIRE N: FD-1059598546520289
STATUS: REJECTED
You can find details in the attached file.
The malicious attachment is named Wire_AMBA01-Rejected.htm and contains a redirector to [donotclick]forumanarhist.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here)
That site is multhomed at the following IPs:
78.83.233.242
203.80.16.81
213.17.171.186
There are some additional IPs and domains that can be found in this post that should also be blocked.
No comments:
Post a Comment