Sponsored by..

Wednesday 23 January 2013

BT Business spam / esenstialin.ru

This fake BT Business spam leads to malware on esenstialin.ru:


Date:      Wed, 23 Jan 2013 05:18:56 +0100
From:      MackenzieCronin@[victimdomain]
Subject:      BT Business Direct Order
Attachments:     DeliveryTR992802.htm


Notice of delivery

Hi,

We're pleased to confirm that we have now accepted and despatched your order on Wed, 23 Jan 2013 05:18:56 +0100.

Unless you chose a next day or other premium delivery service option, then in most cases your order will arrive within 1-3 days. If we despatched your order via Letterpost, it may take a little longer.

***Please note that your order may have shipped in separate boxes and this means that separate consignment numbers may be applicable***

We've despatched...

..using the attached shipment details...
Courier     Ref     Carriage method
Royal Mail     53792837735     1-3 Days

Please note that you will only be able to use this tracking reference once the courier has scanned the parcel into their depot. Please allow 24 hours from the date of this email before tracking your parcel online.

For information on how track your delivery, please follow to attached file.

Important information for Yodel deliveries:

If your consignment number starts with KN8053154 your delivery will require a signature. If there is no-one at the delivery address to sign for the goods a card will be left containing the contact details of the courier so that you can re-arrange delivery or arrange a collection.


The malicious payload is on [donotclick]esenstialin.ru:8080/forum/links/column.php hosted on the following IPs:

50.31.1.104 (Steadfast Networks, US)
91.224.135.20 (Proservis UAB, Lithunia)

No comments: