Sponsored by..

Friday 7 September 2012

FedEx spam / dushare.net and gsigallery.net

Two fake FedEx campaigns today, with a format similar to the one found here but with different payload sites of dushare.net and gsigallery.net

In the first case, the malicious payload is at [donotclick]dushare.net/main.php?page=c82ec1c8d6998cf0 (report here) hosted on 203.91.113.6 (G Mobile, Mongolia). In the second case the payload is at [donotclick]gsigallery.net/main.php?page=2bfd5695763b6536 (report here) also hosted on 203.91.113.6.

The following domains are on the same server and should also be treated as being suspect.

padded.pl
spiki.pl
fruno.pl
nextbox.pl
omariosca.com
hemiga.com
decorera.com
seneesamj.com
obweesysho.com
unitmusiceditior.com
likenstendarts.com
flatbuzz.com
morepic.net
atfood.ru
indyware.ru
advia.kz
iowa.kz
autumn.kz
wet.kz
dushare.net
gsigallery.net

No comments: