Sponsored by..

Friday, 30 November 2012

iTunes spam / mokingbirdgives.org

This fake iTunes spam leads to malware on mokingbirdgives.org:

From:     iTunes itunes@new.itunes.com
To:     purchasing [purchasing@victimdomain.com]
Date:     30 November 2012 17:02
Subject:     Your receipt #16201509085048

Billed To:
%email%

Order Number: M1V008146011
Receipt Date: 30/11/2012

Order Total: $699.99
Billed To: Credit card

Item Number     Description     Unit Price
1     Postcard (View\Download )
 Cancel order  Not your order?Report a Problem     $699.99
Subtotal:     $699.99
Tax:     $0.00
Order Total:     $699.99


Please retain for your records.
Please See Below For Terms And Conditions Pertaining To This Order.

Apple Inc.
You can find the iTunes Store Terms of Sale and Sales Policies by launching your iTunes application and clicking on Terms of Sale or Sales Policies

FBI ANTI-PIRACY WARNING
UNAUTHORIZED COPYING IS PUNISHABLE UNDER FEDERAL LAW.

Answers to frequently asked questions regarding the iTunes Store can be found at http://www.apple.com/support/itunes/store/



Apple ID Summary •  Detailed invoice

Apple respects your privacy.

Copyright © 2011 Apple Inc. All rights reserved
The malicious payload is at [donotclick]mokingbirdgives.org/less/demands-probably.php (report here) hosted on 184.82.100.201 (HostNOC, US) along with the following domains which also appear to be malicious:

jokolet5.cu.cc
revreka.cu.cc
kretaf.cu.cc
hoyerrr.cu.cc
xecomas.cu.cc
serawers.cu.cc
spaswers.cu.cc
retainedthumb.uni.me
safemessageassimilated.uni.me
fullblowntie.uni.me
confusetelltale.uni.me
fulltouchabandoning.uni.me
cuingdisinfecting.uni.me
mobilesitedisplaydizzying.uni.me
deadlinesorganizing.uni.me
consequencesaolcom.uni.me
areascompareran.uni.me
trusteunplugs.uni.me
rightsideconcoctions.uni.me
rearfacingisight.uni.me
starearnernot.uni.me
mokingbirdgives.org
germannewslinks.org
likoawdsdfzgage.dyndns-remote.com
syenial.com
amusicman.com
germannewslinks.com
fusioncaters.com
uqakanyd.ocry.com
u96s.info
germannewslinks.info
beardwithgofus.info
demonstrateddesktoplike.pro
thcenturysplitting.pro
stub.appartamentofirenze.net
germannewslinks.net
advert.apps-myups.net

Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)