This fake wire transfer spam leads to malware on gurmanikia.ru:Date: Tue, 27 Nov 2012 01:14:15 -0500The malicious payload is at [donotclick]gurmanikia.ru:8080/forum/links/column.php hosted on the following well-known malicious IPs:
From: Emerita Ayers via LinkedIn [member@linkedin.com]
Subject: RE: Your Wire Transfer N27172774
Dear Customers,
Wire debit transfer was canceled.
Canceled transfer:
FED NUMBER: 6946432301WIRE298280
Transaction Report: View
Federal Reserve Wire Network
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
208.87.243.131 (Psychz Networks, US)
No comments:
Post a Comment