The Latest in IT Security

American Express spam / dozakialko.ru

16
Jan
2013

This fake AmEx spam leads to malware on dozakialko.ru:

Sent: 16 January 2013 02:22
Subject: American Express Alert: Your Transaction is Aborted

 Your Wed, 16 Jan 2013 01:22:07 -0100 Incoming Transfer is Terminated



Valued, $5203

Your American Express Card account retired ZUE36213 with amount of 5070 USD.
Transaction Time:Wed, 16 Jan 2013 01:22:07 -0100
Payment Due Date:Wed, 16 Jan 2013 01:22:07 -0100

One small way to help the environment – get paperless statements
Review billing
statement
Issue a payment
Change notifications
options


You currently reading the LIMITED DATA version of the Statement-Ready Information.
Switch to the DETAILED DATA version.

Thank you for your Cardmembership.


Sincerely,

American Express Information center
________________________________________
The malicious payload is at [donotclick]dozakialko.ru:8080/forum/links/column.php (report here) hosted on the following IPs:

89.111.176.125 (Garant-Park-Telecom, Russia)
91.224.135.20 (Proservis UAB, Lithunia)
212.112.207.15 (ip4 GmbH, Germany)

Plain list of IPs and related domains for copy-and-pasting:
89.111.176.125
91.224.135.20
212.112.207.15
dekamerionka.ru
dmssmgf.ru
dmpsonthh.ru
dmeiweilik.ru
belnialamsik.ru
demoralization.ru
dumarianoko.ru
dimanakasono.ru
bananamamor.ru
dozakialko.ru

Leave a reply


Categories

TUESDAY, OCTOBER 16, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks