Date: Tue, 14 May 2013 15:29:24 -0500 [05/14/13 16:29:24 EDT]
From: Facebook [notification+LTFS15RDTR@facebookmail.com]
Subject: Jonathan Rogers wants to be friends on Facebook
Jonathan Rogers wants to be friends with you on Facebook Facebook.
Jonathan Rogers
1083 friends · 497 photos · 2 notes · 1535 Wall posts
Confirm Friend Request
See All Requests
This message was sent to dynamoo@spamcop.net. If you don't want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 417 P.O Box 10005 Palo Alto CA 96303
The link in the email goes through a legitimate hacked site and then ends up on a malware landing page at [donotclick]otophone.net/news/appreciate_trick_hanging.php (report here) hosted on the following IPs:
36.224.16.74 (Chunghwa Telecom, Taiwan)
108.5.125.134 (Verizon, US)
198.61.147.58 (Matt Martin Real Estate Management / Rackspace, US)
The WHOIS details are characteristic of the "Amerika" series of malware spams.
MURNANE, LARRY samyidea@yahoo.com
690 West B
SAN DIEGO, CA 92101
US
+1.8588695411
Blocklist: