The Latest in IT Security

“Scan from a Hewlett-Packard ScanJet” malware / doosdkdkjsjdfo.ru

14
Mar
2012

This old attack again, a malicious email with an attachment leading to doosdkdkjsjdfo.ru

Date:      Wed, 14 Mar 2012 12:31:50 +0530
From:      [email protected]
Subject:      Re: Fwd: Scan from a Hewlett-Packard ScanJet 297552
Attachments:     HP_Scanjet-14-626146.htm

Attached document was scanned and sent

to you using a Hewlett-Packard ScanJet 93988PP.

SENT BY: Teagan
PAGES : 2
FILETYPE: .HTML [Internet Explorer File]

The malware is on doosdkdkjsjdfo.ru:8080/images/aublbzdni.php, which is multihomed on a subset of the IPs in this other recent attack. A Wepawet report can be found here.

62.85.27.129 (Microlink Latvia Ltd, Latvia)
89.218.55.51 (Kazakhtelecom, Kazakhstan)
95.156.232.102 (Optimate-Server, Germany)
111.93.161.226 (Tata Teleservices, India)
118.97.9.60 (Telekomunikasi, Indonesia)
125.19.103.198 (Bharti Infotel, India)
190.81.107.70 (Telmex, Peru)
200.169.13.84 (Century Telecom Ltda, Brazil)
210.56.23.100 (Commission for Science and Technology, Pakistan)
210.109.108.210 (Sejong Telecom, Korea)
211.44.250.173 (SK Broadband Co Ltd, Korea)
219.94.194.138 (Sakura Internet Inc, Japan)

Plain list for copy-and-pasting:
62.85.27.129
89.218.55.51
95.156.232.102
111.93.161.226
118.97.9.60
125.19.103.198
190.81.107.70
200.169.13.84
210.56.23.100
210.109.108.210
211.44.250.173
219.94.194.138

Leave a reply


Categories

SUNDAY, DECEMBER 17, 2017

Featured

Archives

Latest Comments

Social Networks