Date: Mon, 3 Dec 2012 09:25:59 -0600The malicious payload is at [donotclick]somaliaonfloor.ru:8080/forum/links/public_version.php hosted on the same IPs used in this attack.
From: Bebo Service [service@noreply.bebo.com]
Subject: Fwd: Re: Scan from a Hewlett-Packard ScanJet #3838
A document was scanned and sent to you using a Hewlett-Packard HP15310290
Sent to you by: ROSIO
Pages : 8
Filetype(s): Images (.jpeg) View
==========
Date: Mon, 3 Dec 2012 11:06:22 -0500
From: "service@paypal.com" [service@paypal.com]
Subject: Re: Fwd: Scan from a Hewlett-Packard ScanJet 33712789
A document was scanned and sent to you using a Hewlett-Packard HP8220647
Sent to you by: CLAUDIA
Pages : 7
Filetype(s): Images (.jpeg) View
113.197.88.226 (ULNetworks, Korea)
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
No comments:
Post a Comment