This fake AmEx spam leads to malware on dozakialko.ru:
Sent: 16 January 2013 02:22The malicious payload is at [donotclick]dozakialko.ru:8080/forum/links/column.php (report here) hosted on the following IPs:
Subject: American Express Alert: Your Transaction is Aborted
Your Wed, 16 Jan 2013 01:22:07 -0100 Incoming Transfer is Terminated
Valued, $5203
Your American Express Card account retired ZUE36213 with amount of 5070 USD.
Transaction Time:Wed, 16 Jan 2013 01:22:07 -0100
Payment Due Date:Wed, 16 Jan 2013 01:22:07 -0100
One small way to help the environment – get paperless statements
Review billing
statement
Issue a payment
Change notifications
options
You currently reading the LIMITED DATA version of the Statement-Ready Information.
Switch to the DETAILED DATA version.
Thank you for your Cardmembership.
Sincerely,
American Express Information center
________________________________________
89.111.176.125 (Garant-Park-Telecom, Russia)
91.224.135.20 (Proservis UAB, Lithunia)
212.112.207.15 (ip4 GmbH, Germany)
Plain list of IPs and related domains for copy-and-pasting:
89.111.176.125
91.224.135.20
212.112.207.15
dekamerionka.ru
dmssmgf.ru
dmpsonthh.ru
dmeiweilik.ru
belnialamsik.ru
demoralization.ru
dumarianoko.ru
dimanakasono.ru
bananamamor.ru
dozakialko.ru
Leave a reply
