This fake Wire Transfer spam leads to malware on angelaonfl.ru:Date: Wed, 19 Dec 2012 11:26:24 -0500The malicious payload is at [donotclick]angelaonfl.ru:8080/forum/links/column.php hosted on the following IPs:
From: "Myspace" [noreply@message.myspace.com]
Subject: Wire Transfer (3014YZ20)
Welcome,
Your Wire Transfer Amount: USD 45,429.29
Transfer Report: View
EULALIA Henry,
The Federal Reserve Wire Network
91.224.135.20 (Proservis UAB, Lithunia)
210.71.250.131 (Chunghwa Telecom, Taiwan)
217.112.40.69 (Utransit, UK)
The following domains and IPs are all related and should be blocked if you can:
91.224.135.20
210.71.250.131
217.112.40.69
pelamutrika.ru
antariktika.ru
apensiona.ru
aliamognoa.ru
ahiontota.ru
anifkailood.ru
podarunoki.ru
aseniakrol.ru
publicatorian.ru
pitoniamason.ru
aviaonlolsio.ru
dimarikanko.ru
adanagenro.ru
aofngppahgor.ru
apolinaklsit.ru
angelaonfl.ru
No comments:
Post a Comment