Date: Thu, 14 Feb 2013 10:10:56 +0000
From: AntonioShapard@hotmail.com
Subject: Fwd: Re: Scan from a Hewlett-Packard ScanJet #6293
Attachments: HP_Document.htm
Attached document was scanned and sent
to you using a HP A-32347P.
SENT BY : TRISH
PAGES : 3
FILETYPE: .HTML [INTERNET EXPLORER/MOZILLA FIREFOX]
=================
Date: Thu, 14 Feb 2013 06:07:00 -0800
From: LinkedIn Password [password@linkedin.com]
Subject: Fwd: Scan from a Hewlett-Packard ScanJet 83097855
Attachments: HP_Document.htm
Attached document was scanned and sent
to you using a HP A-775861P.
SENT BY : CARLINE
PAGES : 4
FILETYPE: .HTML [INTERNET EXPLORER/MOZILLA FIREFOX]

The malicious payload is on [donotclick]202.72.245.146:8080/forum/links/column.php (report here) which is a familiar IP address belonging to Railcom in Mongolia. The following malicious websites are also active on the same server: