![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU3f67K6C0NBokv04V37IYb3DgiTWa7OqhYK9KLn1zOV5r2-ZvW_f2syAYwe10QTwKlZcGWVmmhhG55RFY6tig_hDj_f5v2h6jeWOfuRWYMniYMtooVpvmKTEEMF9oi_dDXZG18tettOE/s200/ru8080.png)
Date: Mon, 19 Nov 2012 03:55:08 -0500
From: ups [admin@ups.com]
Subject: Re: FW: End of Aug. Statement Reqiured
Attachments: Invoices-1119-2012.htm
Hallo,
as reqeusted I give you inovices issued to you per oct. 2012 ( Internet Explorer/Mozilla Firefox file)
Regards
The malicious payload is at [donotclick]bamanaco.ru:8080/forum/links/column.php hosted on the following IPs:
203.80.16.81 (MYREN, Malaysia)
216.24.196.66 (Psychz Networks, US)
These IPs have been used to deliver malware several times recently, you should block access to them if you can.
No comments:
Post a Comment