Date: Wed, 18 Jul 2012 01:23:20 +0300
From: "EUNA Wood" [AdamWnukowski@himsa.com.mx]
Subject: Fwd: Wire Transfer (75073UQ608)
Attachments: Wire_NFED_Rejected.htm

Dear Operator,
WIRE N: FED-9058663000926019
STATUS: REJECTED
You can find details in the attached file.

The attachment in this case is called Wire_NFED_Rejected.htm and contains a script that attempts to load malware from [donotclick]phpforkiddies.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here) which is multihomed on the following IPs:
The following IPs and domains are connected and should be blocked: