
Friday, 5 October 2012

UPS Spam / minus.preciseenginewarehouse.com

This fake UPS spam leads to malware on minus.preciseenginewarehouse.com:


From:      "UPSBillingCenter" [512A03797@songburi.com]
Subject:      Your UPS Invoice is Ready


This is an automatically generated email. Please do not reply to this email address.



Dear UPS Customer,



New invoice(s) are available for the consolidated payment plan(s) / account(s) enrolled in the UPS Billing Center


Please visit the UPS Billing Center to view and pay your invoice.


Discover more about UPS:

Visit ups.com

Explore UPS Freight Services

Learn About UPS Companies

Sign Up For Additional Email From UPS

Read Compass Online



(c) 2012 United Parcel Service of America, Inc. UPS, the UPS brandmark, and the color brown are trademarks of United Parcel Service of America, Inc. All rights reserved.

For more information on UPS's privacy practices, refer to the UPS Privacy Policy.

Please do not reply directly to this e-mail. UPS will not receive any reply message.

For questions or comments, visit Contact UPS.



This communication contains proprietary information and may be confidential. If you are not the intended recipient, the reading, copying, disclosure or other use of the contents of this e-mail is strictly prohibited and you are instructed to please delete this e-mail immediately.
Privacy Policy

Contact UPS

The malicious payload is at [donotclick]minus.preciseenginewarehouse.com/links/assure_numb_engineers.php, hosted on 174.140.165.112 (DirectSpace Networks, US), which also houses the following suspect domains:


minus.preciseenginewarehouse.com
minus.dirttrackwarehouse.com
minus.sprintwarehouse.com
two.scott-j.com
one.touveron.com
two.accent-bldrs.com

To be precise, the subdomains seem malicious; the domains themselves appear to be legitimate ones where the domain account has been hacked. Blocking 174.140.165.112 would be prudent.
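One way to check proxy logs against these indicators, as an added example that is not part of the original post: it matches the exact subdomain or the destination IP, so traffic to the apparently legitimate parent domains is not flagged. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import ipaddress

# Indicators from the post: the hosting IP and the six suspect subdomains.
BLOCKED_IP = ipaddress.ip_address("174.140.165.112")
BAD_HOSTS = {
    "minus.preciseenginewarehouse.com", "minus.dirttrackwarehouse.com",
    "minus.sprintwarehouse.com", "two.scott-j.com",
    "one.touveron.com", "two.accent-bldrs.com",
}

# Constructed sample lines in an assumed format: client host dest_ip path
SAMPLE_LOG = """\
10.0.0.5 minus.preciseenginewarehouse.com 174.140.165.112 /sample
10.0.0.6 www.preciseenginewarehouse.com 192.0.2.10 /
10.0.0.7 MINUS.sprintwarehouse.com. 174.140.165.112 /sample
10.0.0.8 other.example.net 174.140.165.112 /index.html
10.0.0.9 two.scott-j.com 198.51.100.7 /
10.0.0.9 truncated-line
"""

def classify(line):
    """Return (client, host, reason) for a matching line, else None."""
    parts = line.split()
    if len(parts) != 4:
        return None  # malformed or truncated entry
    client, host, dest_ip, _path = parts
    try:
        ip = ipaddress.ip_address(dest_ip)
    except ValueError:
        return None
    host = host.rstrip(".").lower()  # normalise case and trailing root dot
    reasons = []
    # Exact FQDN match only: the parent domains appear to be legitimate.
    if host in BAD_HOSTS:
        reasons.append("host")
    if ip == BLOCKED_IP:
        reasons.append("ip")
    return (client, host, "+".join(reasons)) if reasons else None

def scan(log_text):
    """Return the classify() result for every matching log line."""
    results = (classify(line) for line in log_text.splitlines())
    return [hit for hit in results if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A hit with reason `ip` alone points at a hostname on the same server that is not in the list above; `host` alone means the subdomain has moved to a different address.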
