Sponsored by..

Monday 22 October 2012

"Copies of Policies" spam / fidelocastroo.ru

This spam leads to malware on fidelocastroo.ru:

Date:      Mon, 22 Oct 2012 08:05:10 -0500
From:      Twitter [c-FG6SPPPCGK63=D8154Z4.8N4-6042f@postmaster.twitter.com]
Subject:      RE: Charley - Copies of Policies.

Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.

Here is the Package and Umbrella,

and a copy of the most recent schedule.

Charley HEALY,

The malicious payload is on [donotclick]fidelocastroo.ru:8080/forum/links/column.php hosted on the following IPs: (Fibrenoire, Canada) (Interneto Vizija, Lithunia) (RACSA, Costa Rica) (MANA, French Polynesia) (MYREN, Malaysia) (eNET, US)

Plain list for copy and pasting:

Blocking these IPs should prevent any other attacks on the same server.

No comments: