Date: Wed, 11 Jul 2012 09:51:41 -0500
From: "Margret Bellamy" [USPS_Shipping_Services@usps.com]
Subject: Download your UPS invoices.
This is an automatically generated email Please do not reply to this email address.
Dear UPS Customer,
New invoice(invoices) are available for viewing in UPS billing center. Please note that your UPS invoices should be paid within 14 days to avoid any additional charges.
Please visit the UPS Billing Center to view and pay your invoice.
Find out more about UPS:
Visit ups.com
Explore UPS Freight Services
Learn About UPS Companies
Sign Up For Additional Email From UPS
Read our official journal
(c) 2012 United Parcel Service of America, Inc. UPS, the UPS brandmark, and the color brown are trademarks of United Parcel Service of America, Inc. All rights reserved.
For more information on UPS's privacy practices, refer to the UPS Privacy Policy.
Please do not reply directly to this e-mail. UPS will not receive any reply message.
For questions or comments, visit Contact UPS.
This communication contains proprietary information and may be confidential. If you are not the intended recipient, the reading, copying, disclosure or other use of the contents of this e-mail is strictly prohibited and you are instructed to please delete this e-mail immediately.
Privacy Policy
Contact UPS
The malicious payload is at [donotclick]peace-computer.com/main.php?page=22b33afad06e9ba5
on 62.109.26.35 (ISPsystem, Russia). The following domains and IPs are all connected to this attack:
afriget.net
ecocabmedia.net
fonografs.net
ghanarpower.net
hotspotboutique.net
itleadgenie.net
lessthansmoothmasculine.com
nectarstuff.net
sitkatacotruck.com
speciallyregarding.com
thaidescribed.com
yourcheckservice.com
46.105.254.202
62.109.26.35
92.201.139.15
109.164.221.176
109.169.87.169
158.25.100.139
164.15.250.148
173.234.9.84
209.59.210.119
211.157.105.160
1 comment:
We found 94 URLs associated with this attack and 5 unique email subjects.
I've posted the URLs here: http://pastebin.com/hHpkCudf
and the Subject lines were:
Download your UPS invoices.
You have outstanding UPS invoices.
Please download and pay your UPS delivery charges.
Your UPS invoices are ready for download.
You have new UPS invoices.
In our case, each of the URLs redirected to a Blackhole exploit kit on
http://proamd-inc[dot]com/main.php?page=8cb1f95c85bce71b
Post a Comment