From: ZaireLomay@mail.com [mailto:ZaireLomay@mail.com]
Sent: 24 October 2012 20:58
Subject: Re: FW: End of Aug. Statement required
Hi,
as reqeusted I give you inovices issued to you per sept. (Internet Explorer format)
Regards

In this case, there's an attachment called Invoices-23-2012.htm with some obfuscated JavaScript to direct visitors to a malware-laden page at [donotclick]kiladopje.ru:8080/forum/links/column.php hosted on:
79.98.27.9 (Interneto Vizija, Lithuania)
203.80.16.81 (MYREN, Malaysia)
209.51.221.247 (eNet, US)

The following IPs and domains are all related and should be blocked if you can: