Date: Thu, 27 Jun 2013 12:39:36 -0430 [13:09:36 EDT]The link in the email goes through a legitimate hacked site and then on to [donotclick]sartorilaw.net/news/source_fishs.php (report here) hosted on the following IPs:
From: customerservice@emalsrv.officeworldmail.net
Subject: Confirmation notification for order 1265953
Thank you for choosing OfficeWorld.com - the world's biggest selection of business products!
Please review your order details below. If you have any questions, please Contact Us
Helpful Tips:
--------------------------------------------------------------------
- Please SAVE or PRINT this confirmation for your records.
- ORDER STATUS is available online! Login and click "My Orders" to obtain UPS tracking information, etc.
- If you skipped registration, or forgot your password, simply enter your Login ID (normally your full e-mail address) and click [ forgot password ] to access your account.
--------------------------------------------------------------------
Order: 1265953
Date: 6/27/2013
Ship To: My Default
Credit Card: MasterCard
Product Qty Price Unit Extended
--------------------------------------------------------------------
HEWCC392A 1 $9703.09 EA $15.15
AVE5366 1 $27.49 BX $27.49
SAF3081 2 $56.29 EA $112.58
Product Total: $9855.22
--------------------------------------------------------------------
Total: $9855.22
OfficeWorld.com values your business!
77.240.118.69 (Acens Technologies, Spain)
78.108.86.169 (Majordomo LLC, Russia)
89.248.161.148 (Ecatel, Netherlands)
108.177.140.2 (Nobis Technology Group, US)
Recommended blocklist:
77.240.118.69
78.108.86.169
89.248.161.148
108.177.140.2
afabind.com
chinadollars.net
condalnuashyochetto.ru
ejoingrespubldpl.ru
gindonszkjchaijj.ru
greli.net
gstoryofmygame.ru
meynerlandislaw.net
oydahrenlitutskazata.ru
reveck.com
sartorilaw.net
sendkick.com
spanishafair.com
No comments:
Post a Comment