Date: Thu, 29 Nov 2012 06:01:55 +0700
From: LinkedIn Connections [connections@linkedin.com]
Subject: Re: Fwd: Wire Transfer (75631MU030)
Dear Bank Account Operator,
WIRE TRANSFER: FED675249061747420
CURRENT STATUS: PENDING
Please REVIEW YOUR TRANSACTION as soon as possible.

The malicious payload is at [donotclick]dimarikanko.ru:8080/forum/links/column.php hosted on a bunch of familiar looking IP addresses which have been used in several recent attacks:
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
208.87.243.131 (Psychz Networks, US)