Sponsored by..

Wednesday 23 January 2013

USPS spam / euronotedetector.net

This fake USPS spam leads to malware on euronotedetector.net:

From: USPS Quantum View [mailto:notify@usps.com]
Sent: 23 January 2013 14:33
Subject: Your USPS postage labels charge.


Acct #: 2377203

[redacted]

This is an email confirmation for your order of 5 online shipping label(s) with postage. Your credit card will be charged the following amount:

Transaction ID: #9724602
Print Date/Time: 01/21/2013 02:05 PM EST
Postage Amount: $21.80
Credit Card Number: XXXX XXXX XXXX XXXX

Overnight Mail Regional Rate Box B # 7184  5899 9548 5735 5133 (Sequence Number 1 of 1)
   

If you need further assistance, please log on to www.usps.com/clicknship and go to your Shipping History or visit our Frequently Asked Questions .

Refunds for unused postage-paid labels can be requested online up to 10 days after the issue date by logging on to your Click-N-Ship Account.

Thank you for choosing the United States Postal Service

Click-N-Ship: The Online Shipping Solution

Click-N-Ship has just made on line shipping with the USPS even better.

New Enhanced International Label and Customs Form: Updated Look and Easy to Use!

* * * * * * * *

This is a post-only message. Please do not respond
The malicious payload is at [donotclick]euronotedetector.net/detects/updated_led-concerns.php hosted on the familiar IP address of 222.238.109.66 (Hanaro Telecome, Korea) which has been used in several recent attacks.

The following malicious domains are on the same IP:
kendallvile.com
seoseoonwe.com
alphabeticalwin.com
ehadnedrlop.com
bestwesttest.com
prepadav.com
masterseoprodnew.com
cocolspottersqwery.com
teamrobotmusic.net
shininghill.net
africanbeat.net
euronotedetector.net



No comments: