The Latest in IT Security

“Copies of Policies” spam / podarunoki.ru

01 Dec 2012


This spam leads to malware on podarunoki.ru:

Date:      Fri, 30 Nov 2012 04:54:30 -0300
From:      Jone Castaneda via LinkedIn [[email protected]]
Subject:      RE: Leonie – Copies of Policies.

Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.

Here is the Package and Umbrella,

and a copy of the most recent schedule.

Leonie Doyle,

==========

Date:      Fri, 30 Nov 2012 02:32:21 -0400
From:      sales1@[victimdomain].com
Subject:      RE: Samson – Copies of Policies.

Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.

Here is the Package and Umbrella,

and a copy of the most recent schedule.

Samson Henry,

The malicious payload is at [donotclick]podarunoki.ru:8080/forum/links/column.php, hosted on some familiar IP addresses which you should block if you can:

202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)

The following domains are also on the same servers:
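
As an added example (not part of the original post), the following Python check matches proxy log lines against the indicators above. It matches by destination IP as well as by hostname, because other domains share the same servers. The log format, the sample lines and the hostname `sibling.example` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators copied from the post; the URL is defanged there with "[donotclick]".
PAYLOAD_URL = "[donotclick]podarunoki.ru:8080/forum/links/column.php"
BAD_IPS = {"202.180.221.186", "203.80.16.81"}

def parse_defanged(indicator):
    """Split a defanged indicator into (host, port, path) without rebuilding a live URL."""
    cleaned = indicator.replace("[donotclick]", "").replace("[.]", ".")
    parts = urlsplit("//" + cleaned)  # leading "//" makes urlsplit treat it as host[:port]/path
    return parts.hostname, parts.port, parts.path

BAD_HOST, BAD_PORT, BAD_PATH = parse_defanged(PAYLOAD_URL)

def classify(line):
    """Return the reasons a log line matches, or [] for no match.
    Assumed (constructed) format: <timestamp> <client_ip> <dest_ip> <host> <port> <path>"""
    fields = line.split()
    if len(fields) != 6:
        return []  # malformed line: skip rather than guess
    _, _, dest_ip, host, port, path = fields
    host = host.lower().rstrip(".")
    reasons = []
    if dest_ip in BAD_IPS:
        reasons.append("dest_ip")  # catches sibling domains on the same servers
    if host == BAD_HOST or host.endswith("." + BAD_HOST):
        reasons.append("host")
    if port == str(BAD_PORT) and path.split("?")[0] == BAD_PATH:
        reasons.append("path")  # same port and landing path as the post's URL
    return reasons

def scan(lines):
    """Return (line, reasons) for every line with at least one match."""
    return [(l, r) for l in lines if (r := classify(l))]

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "2012-11-30T08:01:12Z 10.0.0.15 202.180.221.186 podarunoki.ru 8080 /forum/links/column.php",
    "2012-11-30T08:03:40Z 10.0.0.22 203.80.16.81 sibling.example 8080 /forum/links/column.php",
    "2012-11-30T08:05:02Z 10.0.0.31 198.51.100.7 intranet.example 80 /forum/links/column.php",
    "2012-11-30T08:06:55Z 10.0.0.15 203.80.16.81 sibling.example 8080 /index.html",
]

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOG):
        print(",".join(reasons), "|", line)
```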
