Despite a whole pile of Redret malware spam at the end of the year, the past couple of weeks have been very quiet. However, a new campaign has started up, directing visitors via a hacked legitimate site to ckredret.ru/main.php, which is hosted on 220.127.116.11 (IDC Cyberworld, Thailand).
Date: Tue, 9 Jan 2012 08:33:24 +0700
From: [email protected]
Subject: Re: Your Flight N US966-282315527
FLIGHT NUMBER 5821-5704164
DATE/TIME : JANUARY 23, 2011, 16:12 PM
ARRIVING AIRPORT: WASHINGTON DC INT. AIRPORT
PRICE : 552.06 USD
Download your ticket here:
Right at the moment the site is failing to resolve, but that could simply be a loading issue. Blocking the 18.104.22.168 IP address would be a good idea, as it will also block any other malicious sites hosted on the same server.