
Wednesday, 3 October 2012

PayPal spam / lenindeads.ru

This fake PayPal spam leads to malware on lenindeads.ru:


Date:      Wed, 3 Oct 2012 09:41:01 -0500
From:      "service@paypal.com" [service@paypal.com]
To:      [redacted]
Subject:      Welcome to PayPal - Choose your way to pay

   
Welcome

Hello postinialerts,

Thanks for paying with PayPal.

We congratulate you with your first Paypal money transfer. But we have hold it for the moment because the amount is over the security borders of our rules.


Here is what we have on file for you. Take a second to confirm we have your correct information.
Email
[redacted]
Confirmation Code
2188-9944-1312-3905-5127
   
Transfer Information
Amount: 31549.96 $
Reciever: Merrill Prather
E-mail: Rogers40144@[redacted]
Accept Decline

   
Help Center | Security Center

Please don't reply to this email. It'll just confuse the computer that sent it and you won't get a response.

Copyright © 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

PayPal Email ID PP1529

==========



Date:      Wed, 3 Oct 2012 01:04:29 +0300
From:      "service@paypal.com" [service@paypal.com]
To:      [redacted]
Subject:      Welcome to PayPal - Choose your way to pay

   
Welcome

Hello [redacted],

Thanks for paying with PayPal.

We congratulate you with your first Paypal money transfer. But we have hold it for the moment because the amount is over the security borders of our rules.


Here is what we have on file for you. Take a second to confirm we have your correct information.
Email
[redacted]
Confirmation Code
5554-8629-5683-9807-4239
   
Transfer Information
Amount: 38567.21 $
Reciever: Anabel Cordero
E-mail: Travis68451@[redacted]
Accept Decline

   
Help Center | Security Center

Please don't reply to this email. It'll just confuse the computer that sent it and you won't get a response.

Copyright © 2012 PayPal, Inc. All rights reserved. PayPal is located at 2211 N. First St., San Jose, CA 95131.

PayPal Email ID PP7370

The malicious payload is at [donotclick]lenindeads.ru:8080/forum/links/column.php hosted on:

202.3.245.13 (MANA, Tahiti)
203.80.16.81 (MYREN, Malaysia)
213.251.162.65 (OVH, France)

The following domains and IPs are all related:

Added:
pionierspokemon.ru
appleonliner.ru
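An added detection check, not part of the original post: it scans constructed proxy log lines (a hypothetical "timestamp client dest_ip url" format) for the payload URL and the three hosting IPs quoted above, and also flags the payload path on its own so the same file served from a different host still gets reviewed.

```python
import re
from urllib.parse import urlsplit

# Indicators from the post: the payload URL and the three IPs it was hosted on.
PAYLOAD_HOST = "lenindeads.ru"
PAYLOAD_PATH = "/forum/links/column.php"
HOSTING_IPS = {"202.3.245.13", "203.80.16.81", "213.251.162.65"}

# Constructed sample log lines in a hypothetical "timestamp client dest_ip url" proxy format.
SAMPLE_LOG = """\
2012-10-03T14:52:10Z 10.1.2.3 202.3.245.13 http://lenindeads.ru:8080/forum/links/column.php
2012-10-03T14:52:11Z 10.1.2.3 93.184.216.34 http://www.example.com/
2012-10-03T14:53:00Z 10.1.2.7 198.51.100.20 http://other-host.example:8080/forum/links/column.php
2012-10-03T14:54:09Z 10.1.2.9 213.251.162.65 http://213.251.162.65/favicon.ico
2012-10-03T14:55:30Z 10.1.2.4 203.0.113.8 http://www.example.com/forum/links/
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<dest_ip>\S+) (?P<url>\S+)$")


def classify(dest_ip: str, url: str) -> list[str]:
    """Return the indicator names a request matches (empty list if clean)."""
    parts = urlsplit(url)
    reasons = []
    if parts.hostname == PAYLOAD_HOST:
        reasons.append("host:lenindeads.ru")
    if parts.path == PAYLOAD_PATH:
        # A path-only match is worth flagging for review even when the host differs.
        reasons.append("path:/forum/links/column.php")
    if dest_ip in HOSTING_IPS:
        reasons.append("ip:" + dest_ip)
    elif parts.hostname in HOSTING_IPS:
        reasons.append("ip:" + parts.hostname)
    return reasons


def scan_log(text: str) -> list[dict]:
    """Parse log lines and return one record per line that hits at least one indicator."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        reasons = classify(m["dest_ip"], m["url"])
        if reasons:
            hits.append({"ts": m["ts"], "client": m["client"], "url": m["url"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["client"], hit["url"], ", ".join(hit["reasons"]))
```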
