This spam leads to malware on canadianpanakota.ru:Date: Fri, 9 Nov 2012 11:55:11 +0530The attachment leads to a malicious payload at [donotclick]canadianpanakota.ru:8080/forum/links/column.php hosted on the following IPs:
From: LinkedIn Password [password@linkedin.com]
Subject: Re: Changlog 10.2011
Attachments: changelog4-2012.htm
Hello,
as promised changelog,(Internet Explorer File)
120.138.20.54 (SiteHost, New Zealand)
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
These IPs will probably be used in other attacks, blocking access to them now might be prudent. The following IPs and domains are all related:
120.138.20.54
202.180.221.186
203.80.16.81
canadianpanakota.ru
controlleramo.ru
donkihotik.ru
finitolaco.ru
fionadix.ru
forumibiza.ru
lemonadiom.ru
peneloipin.ru
moneymakergrow.ru
No comments:
Post a Comment