Dynamoo's Blog

Malware, spam, scams and random stuff, by Conrad Longmore.

Tuesday, 28 August 2012

"QuickBooks Security Update" spam / roadmateremove.org

This fake Intuit spam leads to malware on roadmateremove.org: Date: Tue, 28 Aug 2012 11:04:30 -0400 From: "Intuit P...

Monday, 27 August 2012

"Federal Tax Payment" spam / videomanipulationccflbacklit.pro

This spam attempts to load malware from videomanipulationccflbacklit.pro although at the moment the domain is not resolving: Date:     ...

Malware sites to block 27/8/12

A small bunch of IPs and domains spotted in recent malicious spam campaigns that you might want to block. 24.171.200.91 50.116.38.138 8...

Friday, 17 August 2012

UPS "End of Aug. Stat. Required" Spam / panalki.ru

This fake UPS spam leads to malware on panalki.ru: Date: Fri, 17 Aug 2012 06:50:08 -0400 From: "Global Express" [u...

Thursday, 16 August 2012

"Scan from a Hewlett-Packard ScanJet" spam / anapoli.ru

More fake printer spam, this time leading to malware on anapoli.ru: Date: Thu, 16 Aug 2012 12:20:25 +0500 From: Mariah Gun...

Wednesday, 15 August 2012

mskoblastionline.ru - malicious spam goes nuts

The malicious spam pushers are trying very hard today to drive traffic to their malware site on mskoblastionline.ru with a variety of fam...

Tuesday, 14 August 2012

"Federal Tax" spam / wireframeglee.info

This tax-themed spam leads to malware on wireframeglee.info : Date:      Tue, 14 Aug 2012 15:21:33 +0200 From:      "Internal Re...
2 comments:

"We can not charge your credit card" spam / kefrikin.ru

This spam pretends to be from Amazon. Or UPS. Or perhaps both. Anyway, it leads to malware on kefrikin.ru: Date: Tue, 14 Aug 20...

Monday, 13 August 2012

Even more malware sites to block on 194.28.115.150

More evil sites to block on 194.28.115.150 ( Specialist ISP ) following on from these : idi42nga.rr.nu kprud89entia.rr.nu hin66gof.rr.nu...

"Scan from a Xerox WorkCentre Pro" spam / mirdymas.ru

This spam leads to malware on mirdymas.ru: From : messages-noreply@bounce.linkedin.com [mailto:messages-noreply@bounce.linkedin.com] On...

Something evil on 178.63.195.128/26

The IP address range 178.63.195.128/26 nominally belongs to grey hat host Hetzner in Germany, although it has been reallocated to a regist...

Sunday, 12 August 2012

More malware sites to block on 184.82.162.163 and 184.22.103.202

These domains are on 184.82.162.163 and 184.22.103.202, recently used in some injection attacks . local-dns.org lertionk15.be

More malware sites to block on 54.245.115.106

More bad stuff in Amazon's cloud, this time on 54.245.115.106   which already hosts these other malware sites . Block the IP if you can,...

More malware sites to block on 81.17.24.69

A follow up to this post, 81.17.24.69 (Private Layer Inc, Switzerland) now hosts some additional malware domains that you should block if ...

Friday, 10 August 2012

Intuit.com spam / ashanrestaurant.ru

This fake Intuit spam leads to malware on ashanrestaurant.ru : Date :      Fri, 10 Aug 2012 09:03:06 -0300 From :      Ashley Madison ...

"Verify your order" / yrikdhxzwo.org

This spam leads to malware on yrikdhxzwo.org: Date :      Fri, 10 Aug 2012 13:43:57 +0200 From :      "New order" [8A4EDCFB@...

Fake job domains 10/8/12

A bit of an oddity here - I noticed a marked uptick in people searching for very old fake job domains that had expired. It turns out that th...
2 comments:

wetter.com compromised? oseparatekines.net and 81.17.24.69

The weather site wetter.com is the 25th most popular site in Germany (and number 602 in the world) according to Alexa. Right at the mome...

Yet more malware sites to block on 194.28.115.150

Another batch of malware sites to block on 194.28.115.150 following on from these... although to be frank, blocking access to 91.211.200....

Thursday, 9 August 2012

"Verify your order" spam / qapskhnxlfuc.info

This spam leads to malware on qapskhnxlfuc.info : Date :      Thu, 09 Aug 2012 21:25:41 +0200 From :      "New order" [30F5D...