![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU3f67K6C0NBokv04V37IYb3DgiTWa7OqhYK9KLn1zOV5r2-ZvW_f2syAYwe10QTwKlZcGWVmmhhG55RFY6tig_hDj_f5v2h6jeWOfuRWYMniYMtooVpvmKTEEMF9oi_dDXZG18tettOE/s200/ru8080.png)
Date: Fri, 23 Nov 2012 10:14:22 +0600
From: "Contact" [customer-notification@ups.com]
Subject: Re: Changlog 10.2011
Attachments: changelog-212.htm
Good morning,
as promised changelog (Internet Explorer File)

The victim is enticed to click on the attachment which leads to a malicious payload on [donotclick]efaxinok.ru:8080/forum/links/column.php hosted on the following IPs:
202.180.221.186
203.80.16.81
208.87.243.131
216.24.196.66
These are the same IPs as used in this attack yesterday, and it forms part of a long-running malicious spam run which appears to have been going on forever. Of note, there's a new domain in this cluster of delemiator.ru which I haven't seen yet being used in a malicious spam run, but it probably will be.