Friday, 14 December 2012

Changelog spam / aviaonlolsio.ru

This fake Changelog spam leads to malware on aviaonlolsio.ru:

From: messages-noreply@bounce.linkedin.com [mailto:messages-noreply@bounce.linkedin.com] On Behalf Of Earlean Gardner via LinkedIn
Sent: 13 December 2012 20:22
Subject: Re: Changelog as promised (upd.)

Hi,
as promised - View

I. SWEET

====================


Date: Fri, 14 Dec 2012 05:22:54 +0700
From: "Kaiya HIGGINS" [fwGpEzHIGGINS@hotmail.com]
Subject: Re: Fwd: Changelog as promised(updated)

Hi,

as promised chnglog updated - View

I. HIGGINS

The malicious payload is at [donotclick]aviaonlolsio.ru:8080/forum/links/column.php, hosted on the same IPs as used in this attack:

75.148.242.70 (Comcast Business, US)
91.142.208.144 (Axarnet, Spain)

The following malicious domains are on those same IPs:

