
Tuesday 5 March 2013

Sendspace spam / forumkianko.ru

This fake Sendspace spam leads to malware on forumkianko.ru:

Date:      Tue, 5 Mar 2013 06:52:10 +0100
From:      AyanaLinney@[redacted]
Subject:      You have been sent a file (Filename: [redacted]-51153.pdf)

Sendspace File Delivery Notification:

You've got a file called [redacted]-01271.pdf, (797.4 KB) waiting to be downloaded at sendspace.(It was sent by DEON VANG).

You can use the following link to retrieve your file:

Download Link

The file may be available for a limited time only.

Thank you,

sendspace - The best free file sharing service.

Please do not reply to this email. This auto-mailbox is not monitored and you will not receive a response.

The malicious payload is at [donotclick]forumkianko.ru:8080/forum/links/column.php (report here) hosted on: (Hetzner, Germany) (NTT America, US) (Chunghwa Telecom, Taiwan)

These IPs are the same as used in this attack.

1 comment:

unixfreaxjp said...

Hello Conrad,

The payload of this infection:


Are posted in:
Analysis PoC: http://pastebin.com/raw.php?i=4mxbVY0B
Payload Snapshot PoC: http://urlquery.net/report.php?id=1268437
Virus Total: a7a2e20afb5d04ea9798e21559d6cbbe575785d6d9d00c0693ae90a299d8d405