The Latest in IT Security

“Fwd: Wire Transfer (9579GQ518)” spam / forumanarhist.ru

19 Jul 2012

This fake wire transfer spam leads to malware at forumanarhist.ru:

Date:      Thu, 19 Jul 2012 02:56:36 -0400
From:      [email protected]
Subject:      Fwd: Wire Transfer (9579GQ518)
Attachments:     Wire_AMBA01-Rejected.htm

Dear Operator,

WIRE N: FD-1059598546520289

STATUS: REJECTED

You can find details in the attached file.

The malicious attachment is named Wire_AMBA01-Rejected.htm and contains a redirector to [donotclick]forumanarhist.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here)

That site is multihomed at the following IPs:
78.83.233.242
203.80.16.81
213.17.171.186

There are some additional IPs and domains that can be found in this post that should also be blocked.
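For triaging similar .htm attachments at a mail gateway or during analysis, here is an added example (not part of the original post) that extracts redirect targets from an HTML attachment and checks them against the host, IPs, port and URL shape listed above. The function names, the reason labels and the sample markup are assumptions; the post does not show how the real attachment's redirector was written.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicators and landing-URL shape (showthread.php?page=<16 hex>) from this post.
BLOCKED_HOSTS = {"forumanarhist.ru", "78.83.233.242", "203.80.16.81", "213.17.171.186"}
LANDING_SHAPE = re.compile(r"/forum/showthread\.php\?page=[0-9a-f]{16}$")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

class RedirectFinder(HTMLParser):
    """Collects URLs from meta refresh, iframe/script src and inline script."""
    def __init__(self):
        super().__init__()
        self.urls, self._in_script = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.urls += URL_RE.findall(a.get("content") or "")
        elif tag in ("iframe", "script") and a.get("src"):
            self.urls.append(a["src"])
        self._in_script = tag == "script"
    def handle_endtag(self, tag):
        self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.urls += URL_RE.findall(data)

def scan_attachment(html):
    """Return (url, reasons) for each redirect target that matches an indicator."""
    finder = RedirectFinder()
    finder.feed(html)
    findings = []
    for url in finder.urls:
        try:
            parts = urlsplit(url)
            port = parts.port
        except ValueError:  # malformed host or port: report rather than skip
            findings.append((url, ["malformed-url"]))
            continue
        checks = [("blocked-host", (parts.hostname or "").lower() in BLOCKED_HOSTS),
                  ("port-8080", port == 8080),
                  ("landing-url-shape", LANDING_SHAPE.search(parts.path + "?" + parts.query))]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            findings.append((url, reasons))
    return findings

# Constructed sample attachment (assumed meta-refresh form), host filled in at runtime.
SAMPLE = ('<html><head><meta http-equiv="refresh" content="0; url=http://{}:8080'
          '/forum/showthread.php?page=5fa58bce769e5c2c"></head></html>').format("forumanarhist.ru")
```

Ordinary `<a href>` links are deliberately ignored, so only targets the browser would load without a click are reported.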
