Sponsored by..

Thursday 29 November 2012

"Wire Transfer" spam / dimarikanko.ru

This fake "Wire Transfer" spam leads to spam on dimarikanko.ru:

Date:      Thu, 29 Nov 2012 06:01:55 +0700
From:      LinkedIn Connections [connections@linkedin.com]
Subject:      Re: Fwd: Wire Transfer (75631MU030)

Dear Bank Account Operator,



WIRE TRANSFER: FED675249061747420

CURRENT STATUS: PENDING



Please REVIEW YOUR TRANSACTION as soon as possible.
The malicious payload is at [donotclick]dimarikanko.ru:8080/forum/links/column.php hosted on a bunch of familiar looking IP addresses which have been used in several recent attacks:

202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
208.87.243.131 (Psychz Networks, US)

No comments: