This spam leads to malware on ganiopatia.ru:
Date: Mon, 26 Nov 2012 02:31:10 -0500
From: [email protected]
Subject: RE: ALINA – Copies of Policies.Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,
and a copy of the most recent schedule.ALINA Prater,
==========
Date: Mon, 26 Nov 2012 02:26:33 +0300
From: [email protected]
Subject: RE: ALISHIA – Copies of Policies.Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,and a copy of the most recent schedule.
ALISHIA Gee,
==========
From: [email protected]
Sent: 26 November 2012 08:42
Subject: RE: MARCELLE – Copies of Policies.Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,and a copy of the most recent schedule.
MARCELLE SPENCE,
==========
From: [email protected]
Sent: 26 November 2012 07:54
Subject: RE: KASSIE – Copies of Policies.Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,
and a copy of the most recent schedule.KASSIE ROMANO,
The malicious payload is at [donotclick]ganiopatia.ru:8080/forum/links/column.php hosted on the following IPs:
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
208.87.243.131 (Psychz Networks, US)
Note that ganalionomka.ru is also on the same cluster of servers and will also be malicious. These IP addresses have been used for malware several times, blocking access to them would be a good idea.
Leave a reply
