Date: Tue, 23 Oct 2012 12:33:51 -0800
From: "Wilburn TIMMONS" [HIWilburn@hotmail.com]
Subject: Fw: Contract from Wilburn
Attachments: Contract_Scan_DS23656.htm

Hello,

In the attached file I am transferring you the Translation of the Job Contract that I have just received today. I am really sorry for the delay.

Best regards,
Wilburn TIMMONS, secretary

The .htm attachment contains obfuscated JavaScript that attempts to direct the visitor to a malicious [donotclick]fidelocastroo.ru:8080/forum/links/column.php. This domain name has been used in several recent attacks and is currently multihomed on some familiar IP addresses:
202.3.245.13 (President of French Polynesia)
203.80.16.81 (MYREN, Malaysia)
209.51.221.247 (eNet, US)
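
To check whether anyone followed the redirect, the indicators above can be matched against web proxy logs. The following is an added example, not part of the original post: the log layout, the function names and the weaker "path-pattern" match on unknown hosts are assumptions, and the sample lines are constructed.

```python
from urllib.parse import urlsplit

# Indicators exactly as published in the post above.
DEFANGED_URL = "[donotclick]fidelocastroo.ru:8080/forum/links/column.php"
HOSTING_IPS = {"202.3.245.13", "203.80.16.81", "209.51.221.247"}

def refang(indicator):
    """Drop the [donotclick] tag and add a scheme so urlsplit can parse it."""
    return "http://" + indicator.replace("[donotclick]", "")

BAD = urlsplit(refang(DEFANGED_URL))

def classify(url):
    """Return why a requested URL matches the post's indicators, or None."""
    u = urlsplit(url if "://" in url else "http://" + url)
    host = (u.hostname or "").rstrip(".")
    if host == BAD.hostname or host.endswith("." + BAD.hostname):
        return "domain"
    # Shared hosts can serve unrelated sites, so treat an IP-only hit as a lead.
    if host in HOSTING_IPS:
        return "hosting-ip"
    # Same port and landing path on an unknown host: weaker, review manually.
    if u.port == BAD.port and u.path == BAD.path:
        return "path-pattern"
    return None

def scan(lines):
    """Yield (client, url, reason) for each matching log line.
    Assumed (hypothetical) layout: '<timestamp> <client-ip> <method> <url>'."""
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        reason = classify(parts[3])
        if reason:
            yield parts[1], parts[3], reason

# Constructed sample proxy log lines (not real traffic).
SAMPLE = [
    f"2012-10-23T20:41:02Z 10.0.0.15 GET http://{BAD.netloc}{BAD.path}",
    f"2012-10-23T20:41:09Z 10.0.0.22 GET http://203.80.16.81:8080{BAD.path}",
    f"2012-10-23T20:42:30Z 10.0.0.31 GET http://example.org:8080{BAD.path}",
    "2012-10-23T20:43:00Z 10.0.0.40 GET http://example.com/index.html",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit)
```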