From: Keshawn Burns [mailto:MaribelParchment@hotmail.com]
Sent: 06 November 2012 05:09
Subject: Scan from a Xerox WorkCentre Pro #47938830

Please open the attached document. It was scanned and sent
to you using a Xerox WorkCentre Pro.

Sent by: Keshawn
Number of Images: 5
Attachment File Type: .HTML [Internet Explorer file]

Xerox WorkCentre Location: machine location not set

The attachment contains some obfuscated JavaScript that redirects the visitor to a malicious payload on [donotclick]peneloipin.ru:8080/forum/links/column.php hosted on some IPs that have been used several times before for malware:

65.99.223.24 (RimuHosting, US)
103.6.238.9 (Universiti Putra, Malaysia)
203.80.16.81 (MYREN, Malaysia)
The following malicious domains are also hosted on the same servers: