This fake wire transfer spam leads to malware on fulinaohps.ru:Date: Wed, 20 Feb 2013 04:28:14 +0600The malicious payload is at [donotclick]fulinaohps.ru:8080/forum/links/column.php (report here) hosted om the following IPs:
From: accounting@[victimdomain]
Subject: Fwd: ACH and Wire transfers disabled.
Dear Online Account Operator,
Your ACH transactions have been
temporarily disabled.
View details
Best regards,
Security department
84.23.66.74 (EUserv Internet, Germany)
195.210.47.208 (PS Internet Company, Kazakhstan)
210.71.250.131 (Chungwa Telecom, Taiwan)
These are the same IPs as used in this attack, you should block them if you can.
No comments:
Post a Comment