The Latest in IT Security promotes malware


From the WeAreSpammers blog:

This looks like a fake get-rich-quick scam email which is actually intended to distribute malware.

Originating IP is (OVH, Germany). Spamvertised domains are on (OVH, Germany) and on (Serverius Holding, Netherlands).

This last one is kind of interesting, because a) it’s all in French and b) it contains a virus. The malware attempts to download an exploit kit from [donotclick]
which is kind of unfriendly, hosted on the same IP address.

The WHOIS details show a completely different name and address from the one quoted on the email:

    Florence Buker
    [email protected]
    7043 W Avenue A4
    93536 Lancaster
    United States
    Tel: +1.4219588211

Clearly the owner of is up to no good, and I would suggest the Anthony Tomei connection might well be completely bogus.

From: Anthony Tomei [email protected]
Reply-To: [email protected]
To: [email protected]
Date: 14 November 2012 18:22
Subject: launch of

Dear Future Millionaire,

Making $100,000 per month is not hard. In fact, there are 2 ways you accomplish this easy task of making money in a short period of time.

The first way is to…

Click HERE for the complete article>

Anthony Tomei is an Expert Internet Network Marketer. Anthony is known as the Master Marketer and practically gives away all of his secrets, methods and marketing techniques.

This email was sent by Promotes Metasearch, 710 E. Steve Wariner Dr., Vancouver, BC g1x3h4
Click here to unsubscribe

You should probably regard the domain as compromised and blog it. Additionall, allt he following IPs and domains are related and a probably malicious.

Leave a reply





Latest Comments

Social Networks