Sponsored by..

Wednesday, 5 December 2012

BBB Spam / leberiasun.ru

This fake BBB spam leads to malware on leberiasun.ru:


Date:      Wed, 5 Dec 2012 11:32:47 +0330
From:      Bebo Service [service@noreply.bebo.com]
Subject:      Urgent information from BBB

Attn: Owner/Manager

Here with the Better Business Bureau notifies you that we have received a complaint (ID 243917811)
from one of your customers with respect to their dealership with you.

Please open the COMPLAINT REPORT below to obtain more information on this matter and let us know of your point of view as soon as possible.

We are looking forward to your prompt reply.
Regards,

JONELLE Payne


The malicious payload is at [donotclick]leberiasun.ru:8080/forum/links/column.php (report here) hosted on the following IPs:

42.121.116.38 (Aliyun Computing Co, China)
202.180.221.186 (GNet, Mongolia)
208.87.243.131 (Psychz Networks, US)
219.255.134.110 (SK Broadband, Korea

These IPs have been used in several attacks recently. You should block access if you can.


No comments: