Sponsored by..

Thursday 27 September 2012

UPS Spam / sectantes-x.ru

This fake UPS spam leads to malware at sectantes-x.ru:


Date:      Thu, 27 Sep 2012 10:03:27 -0400
From:      Habbo Hotel [auto-contact@habbo.com]
Subject:      UPS Tracking Number H8244648923

    USPS .com Customer Services for big savings!     Can't see images? CLICK HERE.    
    UPS UPS SUPPORT 39    
UPS - UPS TEAM 31 >>
   
    Not Ready to Open

an Account?    
       
    The UPS Store� can help with full service packing and shipping.   
    Learn More >>   
   
       
   
UPS - Your UPS .com Customer Services
Dear, [redacted]

DEAR CUSTOMER , Delivery Confirmation: Failed

Track your Shipment now!

With best wishes , UPS .com Customer Services.
   
                       
Shipping         Tracking         Calculate Time & Cost         Open an Account
                       
@ 2011 United Parcel Service of America, Inc. Your USPS Team, the UPS brandmark, and the color brown are

trademarks of United Parcel Service of America, Inc. All rights reserved.



This is a marketing e-mail for UPS services. Click here to update your e-mail preferences or to unsubscribe to

Your USPS .US marketing e-mail. For information on UPS's privacy practices, please refer to UPS Privacy Policy.



USPS .com Customer Services, 33 Glenlake Parkway, NE - Atlanta, GA 30580

Attn: Customer Communications Department


The malicious payload is at [donotclick]sectantes-x.ru:8080/forum/links/column.php hosted on the following IP addresses:
84.22.100.108 (Republic CyberBunker, Antarctica - Amsterdam more likely)
190.10.14.196 (RACSA, Costa Rica)
203.80.16.81 (Myren, Malaysia)

The following IPs and domains are all connected and should be blocked:
84.22.100.108
190.10.14.196
203.80.16.81
rumyniaonline.ru
denegnashete.ru
dimabilanch.ru
ioponeslal.ru
soisokdomen.ru
moskowpulkavo.ru
diareuomop.ru
omahabeachs.ru
sectantes-x.ru

In addition, CyberBunker has a long history of spamming and tolerating criminals. Blocking the range 84.22.96.0/19 should afford your network some additional protection.

No comments: