Sponsored by..

Wednesday 11 July 2012

Intuit.com spam / thaidescribed.com

This spam leads to malware on thaidescribed.com:


Date:      Tue, 10 Jul 2012 13:49:59 -0300
From:      "LinkedIn Communication" [USPS_Shipping_Services@usps.com]
Subject:      New Payment through the Intuit network.

Incoming payment received: You received $840.00 from Parks LLC for invoice 53389

You can access the payment details here.

Funds will be transferred in your bank account.

You now have the opportunity to get paid by Credit Card on your invoices. To learn more please sign in to your IPN account and click on the 'Profile' tab on the left.


The malicious payload is on [donotclick]thaidescribed.com/main.php?page=8cb1f95c85bce71b (report here) hosted on 164.15.250.148 (Universite Libre de Bruxelles, Belgium). The malicious IPs and domains associated with this attack can also be found here, but you should probably block the following:


afriget.net
fonografs.net
proamd-inc.com
thaidescribed.com
80.77.87.185
164.15.250.148
200.184.213.131

No comments: