The past couple of days have seen a lot of identical “Intuit.com” spam runs. Another one is starting up today with a malicious payload on migdaliasbistro.net hosted on 220.127.116.11 (Solidhost, Netherlands) and 18.104.22.168 (Dynamic ADSL, Egypt)
In particular, malware can be found at:
There’s a Wepawet report here.
There are several potentially malicious sites on this server. Blocking the IP address should protect against other evil domains:
Leave a reply