![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU3f67K6C0NBokv04V37IYb3DgiTWa7OqhYK9KLn1zOV5r2-ZvW_f2syAYwe10QTwKlZcGWVmmhhG55RFY6tig_hDj_f5v2h6jeWOfuRWYMniYMtooVpvmKTEEMF9oi_dDXZG18tettOE/s200/ru8080.png)
Date: Tue, 23 Oct 2012 12:33:51 -0800The .htm attachment contains obfuscated javascript that attempts to direct the visitor to a malicious [donotclick]fidelocastroo.ru:8080/forum/links/column.php. This domain name has been used in several recent attacks and is currently multihomed on some familiar IP addresses:
From: "Wilburn TIMMONS" [HIWilburn@hotmail.com]
Subject: Fw: Contract from Wilburn
Attachments: Contract_Scan_DS23656.htm
Hello,
In the attached file I am transferring you the Translation of the Job Contract that I have just received today. I am really sorry for the delay.
Best regards,
Wilburn TIMMONS, secretary
202.3.245.13 (President of French Polynesia)
203.80.16.81 (MYREN, Malaysia)
209.51.221.247 (eNet, US)
No comments:
Post a Comment