Sponsored by..

Thursday, 11 April 2013

Changelog spam / juliaroberzs.ru

This spam leads to malware on juliaroberzs.ru:

Date:      Thu, 11 Apr 2013 02:46:13 +0100
From:      Mayola Phipps via LinkedIn [member@linkedin.com]
Subject:      Re: changelog UPD.
Attachments:     changelog.htm

Good morning,

as promised changelog is attached (Internet Explorer format)



The attachment changelog.htm leads to a malicious landing page at [donotclick]juliaroberzs.ru:8080/forum/links/column.php  (report here) hosted on some familiar IPs:
91.191.170.26 (Netdirekt, Turkey)
185.5.185.129 (Far-Galaxy Networks, Germany)
188.65.178.27 (Melbourne Server Hosting, UK)

Blocklist:
91.191.170.26
185.5.185.129
188.65.178.27
ifikangloo.ru
ifinaksiao.ru
ighjaooru.ru
igionkialo.ru
ijsiokolo.ru
illuminataf.ru
imanraiodl.ru
itriopea.ru
ivanikako.ru
izamalok.ru
izjianokr.ru
iztakor.ru
jamiliean.ru
jamtientop.ru
janasika.ru
jonahgkio.ru
judianko.ru
judianko.ru
juhajuhaa.ru
juhajuhaa.ru
juliaroberzs.ru
jundaio.ru
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)