Monday, 11 March 2013

Wire Transfer spam / gimikalno.ru

This fake wire transfer spam leads to malware on gimikalno.ru:

Date:      Mon, 11 Mar 2013 04:00:22 +0000 [00:00:22 EDT]
From:      Xanga [noreply@xanga.com]
Subject:      Re: Fwd: Wire Transfer Confirmation (FED REFERENCE 16442CU385)

Dear Bank Account Operator,
WIRE TRANSFER: FED62403611378975648
CURRENT STATUS: PENDING

Please REVIEW YOUR TRANSACTION as soon as possible.

The malicious payload is at [donotclick]gimikalno.ru:8080/forum/links/column.php (report here) hosted on:

5.9.40.136 (Hetzner, Germany)
66.249.23.64 (Endurance International Group, US)
94.102.14.239 (Netinternet, Turkey)

Blocklist:
