
Thursday, 14 February 2013

"Copies of policies" spam / ewinhdutik.ru

This spam leads to malware on ewinhdutik.ru:
Date:      Thu, 14 Feb 2013 07:16:28 -0500
From:      "Korbin BERG" [ConnorAlmeida@telia.com]
Subject:      RE: Korbin - Copies of Policies.

Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.

Here is the Package and Umbrella,

and a copy of the most recent schedule.

Korbin BERG,

======================


Date:      Thu, 14 Feb 2013 03:30:52 +0530
From:      Tagged [Tagged@taggedmail.com]
Subject:      RE: KESHIA - Copies of Policies.

Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.

Here is the Package and Umbrella,

and a copy of the most recent schedule.

KESHIA LEVINE,

The malicious payload is at [donotclick]ewinhdutik.ru:8080/forum/links/column.php (report here), hosted on the same IP addresses as this attack we saw earlier:

91.121.57.231 (OVH, France)
195.210.47.208 (PS Internet, Kazakhstan)
202.72.245.146 (Railcom, Mongolia)
