The Latest in IT Security

“Copies of Policies” spam / podarunoki.ru

01 Dec 2012


This spam leads to malware on podarunoki.ru:

Date:      Fri, 30 Nov 2012 04:54:30 -0300
From:      Jone Castaneda via LinkedIn [[email protected]]
Subject:      RE: Leonie – Copies of Policies.

Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.

Here is the Package and Umbrella,

and a copy of the most recent schedule.

Leonie Doyle,

==========

Date:      Fri, 30 Nov 2012 02:32:21 -0400
From:      [email protected][victimdomain].com
Subject:      RE: Samson – Copies of Policies.

Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.

Here is the Package and Umbrella,

and a copy of the most recent schedule.

Samson Henry,

The malicious payload is at [donotclick]podarunoki.ru:8080/forum/links/column.php, hosted on some familiar IP addresses that you should block if you can:

202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)

The following domains are also on the same servers:
