This fake whatever-the-heck-it-is spam leads to malware on incinteractive.net:Date: Fri, 28 Dec 2012 22:45:28 +0900The malicious payload is at [donotclick]incinteractive.net/detects/wishs_continually.php hosted on the well-known IP of 59.57.247.185 in China which also hosts these following malicious domains:
From: "Federal Reserve Banking Services@sys.frb.org" [ACHR_58976105@FedMail.frb.org]
Subject: FedMail (R): FedACH Announcement - End of Day - 12/27/12
Please overview the ACH Advice Statement from the Federal Reserve System by clicking here.
sessionid0147239047829578349578239077.pl
tv-usib.com
atsushitani.com
proxfied.net
incinteractive.net
timesofnorth.net
latticesoft.net
incinteractive.net
No comments:
Post a Comment