This fake "Wire Transfer" spam (or is it UPS?) leads to malware on furnitura-forums.ru:Date: Wed, 25 Jul 2012 09:12:43 -0500
From: "Express MyUps" [upsservices@ups.com]
Subject: Fwd: Re: Wire Transfer
Attachments: Wire_ID88283.htm
Dear Operator,
WIRE FID: NO-004394626739460
STATUS: CANCELLED
You can find details in the attached file.
The attachment Wire_ID88283.htm attempts to load malware from [donotclick]furnitura-forums.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here) hosted on the following IPs:
78.83.233.242 (Spectrum Net JSC, Bulgaria)
203.80.16.81 (Myren, Malaysia)
..these two IP addresses also host some other malware sites and are worth blocking:
porschedesignrussia.ru
bmwforummsk.ru
phpforkiddies.ru
forumanarhist.ru
No comments:
Post a Comment