
Friday 2 November 2012

Wire Transfer spam / webmoniacs.ru

This fake wire transfer spam leads to malware on webmoniacs.ru:


Date:      Fri, 2 Nov 2012 06:23:10 +0700
From:      "service@paypal.com" [service@paypal.com]
Subject:      RE: Wire Transfer cancelled

Dear Sirs,

The Wire transfer was canceled by the other bank.



Canceled transaction:

FED REFERENCE NUMBER: 628591160ACH34584

Transaction Report: View



The Federal Reserve Wire Network

The malicious payload is at [donotclick]webmoniacs.ru:8080/forum/links/column.php hosted on:
65.99.223.24 (RimuHosting, US)
203.80.16.81 (MYREN, Malaysia)
209.51.221.247 (eNet, US)

The following IPs and domains are all connected and should be blocked:
