Date: Mon, 3 Dec 2012 11:34:38 +0330The malicious payload is at [donotclick]panamechkis.ru:8080/forum/links/column.php hosted on:
From: HarrisonCrumm@mail.com
Subject: RE: Wire Transfer cancelled
Dear Customers,
Wire transfer was canceled.
Rejected transfer:
FED NUMBER: 1704196955WIRE580676
Transaction Report: View
Federal Reserve Wire Network
113.197.88.226 (ULNetworks, Korea)
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
Of these, 113.197.88.226 seems to be a new one which should be added to your blocklists.
No comments:
Post a Comment