Sponsored by..

Friday 9 November 2012

Changelog spam / canadianpanakota.ru

This spam leads to malware on canadianpanakota.ru:

Date:      Fri, 9 Nov 2012 11:55:11 +0530
From:      LinkedIn Password [password@linkedin.com]
Subject:      Re: Changlog 10.2011
Attachments:     changelog4-2012.htm

Hello,
as promised changelog,(Internet Explorer File)
The attachment leads to a malicious payload at [donotclick]canadianpanakota.ru:8080/forum/links/column.php  hosted on the following IPs:

120.138.20.54 (SiteHost, New Zealand)
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)


These IPs will probably be used in other attacks, blocking access to them now might be prudent. The following IPs and domains are all related:


120.138.20.54
202.180.221.186
203.80.16.81
canadianpanakota.ru
controlleramo.ru
donkihotik.ru
finitolaco.ru
fionadix.ru
forumibiza.ru
lemonadiom.ru
peneloipin.ru
moneymakergrow.ru


No comments: