This fake spam leads to malware on ghanarpower.net:
Date: Mon, 2 Jul 2012 16:54:15 +0200
From: “Cornelius Meyers” <notify@aa.globalnotifications.com>
Subject: Online American Airlines receipt.
Record Locator: MWNMLPDate of Issue: 2JULY12
Thank you for choosing American Airlines / American Eagle, a member of the oneworld� Alliance.
This receipt is for the purchase of your Preferred Seat(s) which are detailed on your itinerary and receipt confirmation.
If you have any questions regarding your reservations, please call 1-800-433-7300 or visit www.aa.com.
Record Locator: MWNMLPPASSENGER
CHADBOURN HAWLEY
DOCUMENT NUMBER / DATE
0010634774011/2JULY12
DESCRIPTION
PREFERRED SEATS
AMOUNT
17.67 USD
TAX
1.33
TOTAL
19.00 USDPayment Type: Visa XXXXXXXXXXXX1392 Total: $19.00
================
Date: Mon, 2 Jul 2012 17:59:25 +0430
From: “Spencer Hurley” <notify@aa.globalnotifications.com>
Subject: Preferred seat purchase receipt.
Record Locator: XTSPJIDate of Issue: 2JULY12
Thank you for choosing American Airlines / American Eagle, a member of the oneworld� Alliance.
This receipt is for the purchase of your Preferred Seat(s) which are detailed on your itinerary and receipt confirmation.
If you have any questions regarding your reservations, please call 1-800-433-7300 or visit www.aa.com.
Record Locator: XTSPJIPASSENGER
CHADBOURN HAWLEY
DOCUMENT NUMBER / DATE
0010634774011/2JULY12
DESCRIPTION
PREFERRED SEATS
AMOUNT
17.67 USD
TAX
1.33
TOTAL
19.00 USDPayment Type: Visa XXXXXXXXXXXX1293 Total: $19.00
The malicious payload is the same as used in this attack – blocking it and the related IPs and domains is probably wise.
Leave a reply
