Wednesday, 20 March 2013

"End of Aug. Statement" spam / hifnsiiip.ru

This fake invoice spam leads to malware on hifnsiiip.ru:

Date:      Wed, 20 Mar 2013 05:41:44 +0100
From:      LinkedIn Connections [connections@linkedin.com]
Subject:      Re: FW: End of Aug. Statement
Attachments:     Invoices-AS9927.htm

Good morning,

as reqeusted I give you inovices issued to you per dec. 2012 ( Internet Explorer file)

Regards

The attached Invoices-AS9927.htm file attempts to direct the victim to a malicious landing page [donotclick]hifnsiiip.ru:8080/forum/links/column.php (report here) hosted on:

50.22.0.2 (SoftLayer, US)
109.230.229.156 (High Quality Server, Germany)
188.165.202.204 (OVH, France)
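
As an added example (not part of the original post), the landing page and hosting IPs above can be checked against web proxy logs. The log layout (time, client, method, URL) and the sample lines are constructed, and the "same-port-and-path" rule is an assumption for triage, not a claim made by the post.

```python
from urllib.parse import urlsplit

# Indicators from the post; the URL stays defanged in source, refanged in memory only.
LANDING = "[donotclick]hifnsiiip.ru:8080/forum/links/column.php"
HOSTING_IPS = {"50.22.0.2", "109.230.229.156", "188.165.202.204"}

def refang(indicator):
    """Convert the post's defanged notation into a parseable URL."""
    return "http://" + indicator.replace("[donotclick]", "")

_LANDING = urlsplit(refang(LANDING))

def classify(url):
    """Return the list of reasons a requested URL matches the indicators."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        port = parts.port
    except ValueError:  # malformed port or bracketed host in the log
        return []
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if host == _LANDING.hostname:
        reasons.append("landing-domain")
    if host in HOSTING_IPS:
        reasons.append("hosting-ip")
    # Assumption: the same port and path on another host merits review.
    if host != _LANDING.hostname and (port, parts.path) == (_LANDING.port, _LANDING.path):
        reasons.append("same-port-and-path")
    return reasons

def scan(log_lines):
    """Return (client, url, reasons) per matching line: time client method url."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 4:
            reasons = classify(fields[3])
            if reasons:
                hits.append((fields[1], fields[3], reasons))
    return hits

# Constructed sample lines (hypothetical proxy log format).
SAMPLE_LOG = [
    "2013-03-20T05:50:01 10.0.0.15 GET http://hifnsiiip.ru:8080/forum/links/column.php",
    "2013-03-20T05:51:10 10.0.0.22 GET http://188.165.202.204:8080/forum/links/column.php",
    "2013-03-20T05:52:00 10.0.0.31 GET http://example.com/forum/links/column.php",
    "2013-03-20T05:53:40 10.0.0.40 CONNECT 50.22.0.2:443",
]
```

Calling `scan(SAMPLE_LOG)` returns the three matching requests with the internal client address first, which is the host to follow up on.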

Recommended blocklist:
