This spam leads to malware on podarunoki.ru: Date: Fri, 30 Nov 2012 04:54:30 -0300
From: Jone Castaneda via LinkedIn [member@linkedin.com]
Subject: RE: Leonie - Copies of Policies.
Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,
and a copy of the most recent schedule.
Leonie Doyle,
==========
Date: Fri, 30 Nov 2012 02:32:21 -0400
From: sales1@[victimdomain].com
Subject: RE: Samson - Copies of Policies.
Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,
and a copy of the most recent schedule.
Samson Henry,
The malicious payload is at [donotclick]podarunoki.ru:8080/forum/links/column.php hosted on some familiar IP addresses which should be blocked if you can:
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
The following domains are also on the same servers:
gurmanikia.ru
ganiopatia.ru
ganalionomka.ru
genevaonline.ru
podarunoki.ru
binaminatori.ru
ganadeion.ru
dimarikanko.ru
delemiator.ru
No comments:
Post a Comment