Sponsored by..

Tuesday 13 November 2012

"End of Aug. Statmeent" spam / veneziolo.ru

The spam never stops, this malicious email leads to malware at veneziolo.ru:

Date:      Tue, 13 Nov 2012 12:27:15 -0500
From:      Mathilda Allen via LinkedIn [member@linkedin.com]
Subject:      Re: End of Aug. Statmeent required
Attachments:     Invoices12-2012.htm

Good morning,

as reqeusted I give you inovices issued to you per sept. (Internet Explorer format)

Regards
The malicious payload is at [donotclick]veneziolo.ru:8080/forum/links/column.php hosted on the same IPs seen earlier today, the following IPs and domains are all related:

41.168.5.140
62.76.46.195
62.76.178.233
62.76.186.190
62.76.188.246
65.99.223.24
84.22.100.108
85.143.166.170
87.120.41.155
91.194.122.8
103.6.238.9
120.138.20.54
132.248.49.112
202.180.221.186
203.80.16.81
207.126.57.208
209.51.221.247
213.251.171.30
216.24.194.66
canadianpanakota.ru
controlleramo.ru
denegnashete.ru
forumibiza.ru
kiladopje.ru
lemonadiom.ru
limonadiksec.ru
monacofrm.ru
moneymakergrow.ru
omahabeachs.ru
peneloipin.ru
rumyniaonline.ru
uzoshkins.ru
veneziolo.ru

No comments: