
Tuesday, 20 November 2012

"Don't forget about meeting tomorrow" spam / hamasutra.ru

This spam leads to malware on hamasutra.ru:

From: Lula Stevens [mailto:JolieWright@shaw.ca]
Sent: 20 November 2012 05:57
Subject: Don't forget about meeting tomorrow

Don't forget this report for meeting tomorrow.
See attached file. (Internet Explorer file) 

In the sample I have seen, there is an attachment called Report.htm with some obfuscated JavaScript leading to a malicious payload at [donotclick]hamasutra.ru:8080/forum/links/column.php hosted on the following IPs:

82.165.193.26 (1&1, Germany)
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
216.24.196.66 (Psychz Networks, US)

Plain list:
82.165.193.26
202.180.221.186
203.80.16.81
216.24.196.66
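One way to check web proxy logs for the indicators listed above, as an added example that is not part of the original post. The log format (time, client, method, URL, resolved IP), the sample lines and the function names are assumptions constructed for illustration; only the domain, port, path and IPs come from the post.

```python
from urllib.parse import urlsplit

# Indicators taken from the post above.
BAD_DOMAIN = "hamasutra.ru"
BAD_IPS = {"82.165.193.26", "202.180.221.186", "203.80.16.81", "216.24.196.66"}
BAD_PORT, BAD_PATH = 8080, "/forum/links/column.php"

# Constructed sample lines (assumed format: time client method url resolved_ip).
SAMPLE_LOG = """\
2012-11-20T06:01:12 10.0.0.15 GET http://hamasutra.ru:8080/forum/links/column.php 203.80.16.81
2012-11-20T06:01:40 10.0.0.22 GET http://HAMASUTRA.RU.:8080/forum/links/column.php?x=1 192.0.2.10
2012-11-20T06:02:03 10.0.0.31 GET http://82.165.193.26:8080/index.html 82.165.193.26
2012-11-20T06:02:30 10.0.0.40 GET http://nothamasutra.ru/forum/links/column.php 192.0.2.77
2012-11-20T06:03:00 10.0.0.41 GET http://example.com/ 192.0.2.80
malformed line
"""

def classify(line):
    """Return the list of reasons a log line matches, or [] if it is clean."""
    parts = line.split()
    if len(parts) != 5:
        return []  # skip lines that do not fit the assumed format
    url, resolved_ip = parts[3], parts[4]
    try:
        u = urlsplit(url)
        host = (u.hostname or "").rstrip(".")  # lowercased; drop trailing dot
        port = u.port
    except ValueError:
        return []  # unparseable URL or port
    reasons = []
    # Exact domain or a true subdomain only, so "nothamasutra.ru" is not flagged.
    if host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN):
        reasons.append("domain")
    # Catch both direct-to-IP requests and other hostnames resolving to these IPs.
    if host in BAD_IPS or resolved_ip in BAD_IPS:
        reasons.append("ip")
    if reasons and port == BAD_PORT and u.path == BAD_PATH:
        reasons.append("payload-url")
    return reasons

def scan(log_text):
    """Map client IP -> sorted reasons, for every client with a matching line."""
    hits = {}
    for line in log_text.splitlines():
        reasons = classify(line)
        if reasons:
            hits.setdefault(line.split()[1], set()).update(reasons)
    return {client: sorted(r) for client, r in hits.items()}

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A client flagged with "payload-url" requested the exact landing page, which suggests the attachment was opened on that machine; an "ip"-only hit is weaker evidence, as other sites may share those hosts.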
