Friday, 18 January 2013

ADP spam / dopaminko.ru

This fake ADP spam leads to malware on dopaminko.ru:

Date:      Fri, 18 Jan 2013 09:08:38 -0500
From:      "service@paypal.com" [service@paypal.com]
Subject:      ADP Immediate Notification

ADP Immediate Notification
Reference #: 544043911

Fri, 18 Jan 2013 09:08:38 -0500
Dear ADP Client

Your Transfer Record(s) have been created at the web site:

https://www.flexdirect.adp.com/client/login.aspx

Please see the following notes:

    Please note that your bank account will be debited within one banking business day for the amount(s) shown on the report(s).
    Please do not respond or reply to this automated e-mail. If you have any questions or comments, please Contact your ADP Benefits Specialist.


This note was sent to acting users in your system that approach ADP Netsecure.

As usual, thank you for choosing ADP as your business affiliate!

Ref: 206179035

HR. Payroll. Benefits.

The ADP logo and ADP are registered trademarks of ADP, Inc.
In the business of your success is a service mark of ADP, Inc.
© 2013 ADP, Inc. All rights reserved.

The malicious payload is at [donotclick]dopaminko.ru:8080/forum/links/column.php hosted on the following familiar IP addresses:

89.111.176.125 (Garant-Park-Telecom, Russia)
91.224.135.20 (Proservis UAB, Lithuania)
212.112.207.15 (ip4 GmbH, Germany)

The following malicious domains appear to be active on these servers: