Sponsored by..

Friday 28 February 2014

Companies House "FW: Case - 6569670" spam

This fake Companies House spam leads to malware:

From:     Companieshouse.gov.uk [web-filing@companies-house.gov.uk]
Date:     28 February 2014 12:55
Subject:     Spam FW: Case - 6569670


A company complaint was submitted to Companies House website.

The submission number is 6569670

For more details please click : https://companieshouse.gov.uk/Case?=6569670

Please quote this number in any communications with Companies House.

All Web Filed documents are available to view / download for 10 days after their
original submission. However it is not possible to view copies of accounts that
were downloaded as templates.

Companies House Executive Agency may use information it holds to prevent
and detect fraud. We may also share such information, for the same purpose,
with other organisations that handle public funds.

If you have any queries please contact the Companies House Contact Centre
on +44 (0)303 1234 500 or email enquiries@companies-house.gov.uK


Note: This email was sent from a notification-only email address which cannot
accept incoming email. Please do not reply directly to this message.

Companies House
4 Abbey Orchard Street
Westminster
London
SW1P 2HT
Tel +44 (0)303 1234 500

The link in the email goes to:
[donotclick]economysquareshoppingcenter.com/izmir/index.html
in turn this runs one or more of the following scripts:
[donotclick]homedecorgifts.biz/outfitted/mascara.js
[donotclick]www.coffeemachinestorent.co.uk/disusing/boas.js
[donotclick]citystant.com/trails/pulitzer.js
[donotclick]rccol.pytalhost.de/turban/cupped.js
which in turn leads to a payload site at:
[donotclick]digitec-brasil.com.br/javachecker.php?create=3019&void-cat=4467&first-desk=9002

According to this URLquery report, the payload site has some sort of Java exploit.

Recommended blocklist:
digitec-brasil.com.br
homedecorgifts.biz
coffeemachinestorent.co.uk
citystant.com
rccol.pytalhost.de

No comments: