The past couple of days have seen a lot of identical “Intuit.com” spam runs. Another one is starting up today with a malicious payload on migdaliasbistro.net hosted on 126.96.36.199 (Solidhost, Netherlands) and 188.8.131.52 (Dynamic ADSL, Egypt)
In particular, malware can be found at:
There’s a Wepawet report here.
There are several potentially malicious sites on this server. Blocking the IP address should protect against other evil domains:
Leave a reply