The past couple of days have seen a lot of identical “Intuit.com” spam runs. Another one is starting up today with a malicious payload on migdaliasbistro.net hosted on 22.214.171.124 (Solidhost, Netherlands) and 126.96.36.199 (Dynamic ADSL, Egypt)
In particular, malware can be found at:
There’s a Wepawet report here.
There are several potentially malicious sites on this server. Blocking the IP address should protect against other evil domains:
Leave a reply