Active domains in this new attack seem to be as follows, new ones are in bold.
Subject: hey
From: "hvgoxscw"
Date: Sun, August 10, 2008 7:59 pm
You have 2 options here,
Option 1 - You can put ANY text you want in here.
Option 2 - We will fill it in with the text only portion of the
html message if you put the macro for you: [url removed]
in here.
NOTE: Some email clients don't disply html data. In that case what you
put here will be seen by the recipient. If the email client does
display html data then this will NOT be seen by the recipient.
Based on this you may wish to put a text version of your add here;
however, you can also put some macros here to make the message
more random.
Subject: Hey, take a look!!
From: "Yahoo Daily News"
Hello friend !
You have just received a yahoo messenger ultimate version !!
Click Download Now to begin downloading and installing Yahoo Messenger ultimate version 10 ver 10.1
1. Download Now Click Download Now to begin downloading and installing Yahoo! Messenger ultimate version 10.
ver. 10.1
2. When prompted, please click the Run button in each window that appears.
Other versions: XP (9.0 Beta), Vista, Mac, Web, Mobile
Thank you for using our services !!!
Please take this opportunity to let your friends use about this new software by sending them the source.
Copyright © 2008 Yahoo! Inc. All rights reserved. Copyright/IP Policy | Terms of Service |Guide to Online Security
Relevant advertising creates a better web experience. See how
NOTICE: We collect personal information on this site.
To learn more about how we use your information, see our Privacy Policy
In this case the target file to download is msgr8.5us.exe; VirusTotal detection is pretty good.
Subject: LOAN OFFER
From: ramanks@hathway.com
Date: Thu, July 31, 2008 8:14 pm
Priority: Normal
Dear Customer
We are corporate lenders. we give out loans to
A very honest and reliable personalities. we give
out our loans at low interest rate and moderate
values as cheap as 3% rate. Because of scam
we tender our qualifications if it satisfies, you
can continue with the transaction, but if you are
not satisfied you can go to another lender.
Channel your response to this email.
thomassteve2@gmail.com
Greatest Regards
Marketing Manager
Mr Thomas Steve.
Although this particular one is pretty laughable, it is likely that the scammers will get better at it. Beware of unsolicited loan offers and remember that all fees and interest will come out of your repayments, not from an up-front fee.
%windows%\minidump\mini072908-01.dmp
%windows%\minidump\mini072908-02.dmp
As you can see, yesterday's date is encoded into the .dmp files. If your computer system has generated a .dmp file in the past day, then PestPatrol may well be mis-detecting it.
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.com
Domain Name: ZVZ.CC
Registrant:
Himpet .Inc
Evgenij Novoberkov (zvz@tut.by)
Stahanov.St 120
Minsk
Missouri,222120
US
Tel. +022.2720771
Creation Date: 09-Apr-2008
Expiration Date: 09-Apr-2009
Domain servers in listed order:
ns2.zvz.cc
ns1.zvz.cc
Administrative Contact:
Himpet .Inc
Evgenij Novoberkov (zvz@tut.by)
Stahanov.St 120
Minsk
Missouri,222120
US
Tel. +022.2720771
Technical Contact:
Himpet .Inc
Evgenij Novoberkov (zvz@tut.by)
Stahanov.St 120
Minsk
Missouri,222120
US
Tel. +022.2720771
Billing Contact:
Himpet .Inc
Evgenij Novoberkov (zvz@tut.by)
Stahanov.St 120
Minsk
Missouri,222120
US
Tel. +022.2720771
Status:ACTIVE