Despite a whole pile of Redret malware spam at the end of the year, the past couple of weeks have been very quiet. However, a new campaign has started up, directing visitors via a hacked legitimate site to ckredret.ru/main.php, which is hosted on 203.170.193.102 (IDC Cyberworld, Thailand).
Date: Tue, 9 Jan 2012 08:33:24 +0700
From: sales1@victimdomain.com
Subject: Re: Your Flight N US966-282315527

Dear Customer,
FLIGHT NUMBER 5821-5704164
DATE/TIME : JANUARY 23, 2011, 16:12 PM
ARRIVING AIRPORT: WASHINGTON DC INT. AIRPORT
PRICE : 552.06 USD
Download your ticket here:
VIEW
KAYCEE Ramirez,
American Airlines
At the moment the site is failing to resolve, but that could simply be a loading issue. Blocking the IP address 203.170.193.102 would be a good idea, as it will stop any other malicious sites on the same server.