The Latest in IT Security

Wire Transfer spam / webmoniacs.ru

03
Nov
2012


This fake wire transfer spam leads to malware on webmoniacs.ru:

Date:      Fri, 2 Nov 2012 06:23:10 +0700
From:      “[email protected]” [[email protected]]
Subject:      RE: Wire Transfer cancelled

Dear Sirs,

The Wire transfer was canceled by the other bank.

Canceled transaction:

FED REFERENCE NUMBER: 628591160ACH34584

Transaction Report: View

The Federal Reserve Wire Network

The malicious payload is at [donotclick]webmoniacs.ru:8080/forum/links/column.php hosted on:
65.99.223.24 (RimuHosting, US)
203.80.16.81 (MYREN, Malaysia)
209.51.221.247 (eNet, US)

The following IPs and domain are all connected and should be blocked:
50.22.102.132
62.76.186.190
65.99.223.24
68.67.42.41
79.98.27.9
84.22.100.108
85.143.166.170
132.248.49.112
203.80.16.81
209.51.221.247
213.251.171.30
denegnashete.ru
dianadrau.ru
donkihotik.ru
fidelocastroo.ru
finitolaco.ru
fionadix.ru
forumibiza.ru
kiladopje.ru
lemonadiom.ru
manekenppa.ru
panacealeon.ru
panalkinew.ru
pionierspokemon.ru
ponowseniks.ru
rumyniaonline.ru
webmoniacs.ru
windowonu.ru

Leave a reply


Categories

MONDAY, NOVEMBER 20, 2017

Featured

Archives

Latest Comments

Social Networks