Sponsored by..

Monday, 13 August 2012

"Scan from a Xerox WorkCentre Pro" spam / mirdymas.ru

This spam leads to malware on mirdymas.ru:

From: messages-noreply@bounce.linkedin.com [mailto:messages-noreply@bounce.linkedin.com] On Behalf Of LinkedIn Password
Sent: 13 August 2012 08:59
Subject: Fwd: Re: Re: Scan from a Xerox WorkCentre Pro #9484820

A Document was sent to you using a XEROX WorkJet OP578636.


SENT BY : JIN
IMAGES : 1
FORMAT (.JPEG) DOWNLOAD

DEVICE: 109A62DS953L

The malicious payload is at [donotclick]mirdymas.ru:8080/forum/showthread.php?page=5fa58bce769e5c2 (report here) hosted on the following familiar IP addresses:

46.51.218.71 (Amazon, Ireland)
71.89.140.153 (Cloudaccess.net, US)
203.80.16.81 (Myren, Malaysia)

Blocking access to these IPs will prevent other malicious sites on the same servers from being a problem.

No comments: