Wednesday 25 July 2012

US Airways spam / reformattedfilmmaker.org and algebrayep.org

This fake US Airways spam leads to malware on reformattedfilmmaker.org:

Date: Wed, 25 Jul 2012 09:46:57 -0500
From: "US Airways - Reservations" [support@myusairways.com]
Subject: Confirm your US airways online reservation.

You should check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying abroad). After that, all you have to do is print your boarding pass and go to the gate.

Confirmation code: 210916

Check-in online: Online reservation details

Flight: 4817

Departure city and time: Washington, DC (DCA) 10:00PM

Depart date: 7/26/2012


We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281, Copyright US Airways, All rights reserved.

The malicious payload is at [donotclick]reformattedfilmmaker.org/main.php?page=70ec803a01c84ddc (report here), hosted on the same Chinese IP address (221.131.129.200) that was used in a similar spam run yesterday.

UPDATE: a similar US Airways spam run is also underway with a malicious payload on algebrayep.org on the same IP address.
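
A check a defender could run against web proxy logs using the indicators in this post, as an added example that is not part of the original post. The log format (timestamp, client, destination IP, method, URL) and the sample lines are constructed assumptions; matching on the destination IP as well as the hostnames also surfaces hosts on that address that are not yet listed.

```python
from urllib.parse import urlsplit

# Indicators taken from the post above.
IOC_IP = "221.131.129.200"
IOC_DOMAINS = {"reformattedfilmmaker.org", "algebrayep.org"}

# Constructed sample log (assumed fields: time client dest_ip method url).
SAMPLE_LOG = """\
2012-07-25T14:51:02Z 10.0.0.17 221.131.129.200 GET http://reformattedfilmmaker.org/main.php?page=70ec803a01c84ddc
2012-07-25T14:52:10Z 10.0.0.23 192.0.2.10 GET http://www.example.com/index.html
2012-07-25T15:03:44Z 10.0.0.31 221.131.129.200 GET http://unlisted-domain.example/main.php?page=0000000000000000
2012-07-25T15:10:09Z 10.0.0.17 198.51.100.7 GET http://ALGEBRAYEP.org./main.php?page=0000000000000000
malformed line
"""

def host_of(url):
    """Lower-cased hostname without a trailing dot, or '' if absent."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")

def matches_domain(host):
    """True for a listed domain or any subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

def scan(log_text):
    """Return (hits, new_hosts): flagged requests, and hosts seen on the
    listed IP address that are not in the domain list yet."""
    hits, new_hosts = [], set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        ts, client, dest_ip, _method, url = fields
        host = host_of(url)
        by_ip = dest_ip == IOC_IP
        by_domain = matches_domain(host)
        if not (by_ip or by_domain):
            continue
        reason = "ip+domain" if by_ip and by_domain else "ip" if by_ip else "domain"
        hits.append((ts, client, host, reason))
        if by_ip and not by_domain:
            new_hosts.add(host)  # candidate for the blocklist
    return hits, new_hosts

if __name__ == "__main__":
    found, unlisted = scan(SAMPLE_LOG)
    for hit in found:
        print(*hit)
    print("unlisted hosts on", IOC_IP, "->", sorted(unlisted))
```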