The Latest in IT Security

“Arch Coal Corp” spam leads to malware / coajsfooioas.ru and tuberkulesneporok.ru

14 Feb 2012

A slightly different spam from the usual Xerox rubbish, but with a similar malicious payload, this time hosted on the domains coajsfooioas.ru and tuberkulesneporok.ru.

Date:      Tue, 13 Feb 2012 04:59:42 +0900
From:      “DELL AVILES” Arch Coal Corp . [[email protected]]
Subject:      Re: Intercompany inv. from Arch Coal Corp.
Attachments:     Invoice_02_7_h158329.htm

Good day

Attached the intercompany inv. for the period Dec. 2011 til Jan.. 2012.

Thanks a lot for supporting this process

DELL AVILES

Arch Coal Corp. 

The obfuscated JavaScript in the attachment attempts to download malicious code from coajsfooioas.ru:8080/images/aublbzdni.php, followed by more code from tuberkulesneporok.ru:8080/images/jw.php?i=8 (Wepawet report here).

These domains are multihosted on the same IPs as listed here. Blocking access to those IPs should stop the malware downloads from this campaign, and any later domain that is parked on them, from succeeding.
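As an added example (not code from the original post), the following script turns the indicators above into two defender-side checks: it matches outbound proxy log lines against the two callback URLs and the two domains, including CONNECT lines that carry only host:port, and it flags inbound mail that fits the lure (an "Intercompany inv." subject with an Invoice_*.htm attachment). The log format is assumed to be Squid-style access log, the sample lines and mail headers are constructed for the example, and the 10.1.2.x and 198.51.100.x addresses are placeholders, not the real hosting IPs the post links to.

```python
"""Match proxy logs and mail headers against the indicators from the post.

Added example, not part of the original post. Assumes Squid-style access
logs; all sample data below is constructed and the IPs are placeholders.
"""
import re
from urllib.parse import urlparse

# Indicators taken from the post: the two domains and the two callback URLs on port 8080.
IOC_DOMAINS = {"coajsfooioas.ru", "tuberkulesneporok.ru"}
IOC_URLS = {
    "http://coajsfooioas.ru:8080/images/aublbzdni.php",
    "http://tuberkulesneporok.ru:8080/images/jw.php?i=8",
}

# Squid access.log: timestamp elapsed client status/code bytes method url ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+(?P<status>\S+)\s+\d+\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)

# Lure features visible in the post's sample mail (constructed patterns).
SUBJECT_RE = re.compile(r"\bintercompany inv\b", re.IGNORECASE)
ATTACH_RE = re.compile(r"^Invoice_\d{2}_\d+_h\d+\.htm$", re.IGNORECASE)

# Constructed sample log: two callbacks, one benign request, one CONNECT to an IoC host.
SAMPLE_LOG = """\
1329076800.123    210 10.1.2.34 TCP_MISS/200 5120 GET http://coajsfooioas.ru:8080/images/aublbzdni.php - DIRECT/198.51.100.10 text/html
1329076801.456    180 10.1.2.34 TCP_MISS/200 9876 GET http://tuberkulesneporok.ru:8080/images/jw.php?i=8 - DIRECT/198.51.100.10 text/html
1329076802.789     95 10.1.2.57 TCP_MISS/200 2048 GET http://www.example.com/index.html - DIRECT/198.51.100.99 text/html
1329076803.000    120 10.1.2.34 TCP_TUNNEL/200 0 CONNECT tuberkulesneporok.ru:8080 - DIRECT/198.51.100.10 -
"""


def classify_url(url):
    """Return 'url' for an exact callback URL, 'domain' for any request to an
    IoC host (or subdomain), or None when the URL is not an indicator."""
    if url in IOC_URLS:
        return "url"
    # CONNECT lines carry "host:port" with no scheme; give urlparse one so
    # the host is extracted consistently across Python versions.
    host = urlparse(url if "://" in url else "http://" + url).hostname
    if host is None:
        return None
    host = host.lower()
    for domain in IOC_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "domain"
    return None


def ioc_hits(log_text):
    """Scan Squid-style log lines and return one record per indicator hit."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        reason = classify_url(m.group("url"))
        if reason:
            hits.append({"client": m.group("client"), "url": m.group("url"),
                         "method": m.group("method"), "reason": reason})
    return hits


def lure_matches(headers):
    """True when a mail's subject and attachment names fit the lure from the post.

    headers: dict with a 'Subject' string and an 'Attachments' list of filenames.
    """
    subject_hit = bool(SUBJECT_RE.search(headers.get("Subject", "")))
    attach_hit = any(ATTACH_RE.match(name) for name in headers.get("Attachments", []))
    return subject_hit and attach_hit


if __name__ == "__main__":
    for hit in ioc_hits(SAMPLE_LOG):
        print(f"{hit['client']} {hit['method']} {hit['url']} -> {hit['reason']}")
    sample_mail = {"Subject": "Re: Intercompany inv. from Arch Coal Corp.",
                   "Attachments": ["Invoice_02_7_h158329.htm"]}
    print("lure match:", lure_matches(sample_mail))
```

The exact-URL match is the high-confidence signal; the domain match is what catches a later download from a different path or a CONNECT to the same host on port 8080, which is why both are reported with a separate reason. The lure check is deliberately narrow (subject wording plus the attachment naming pattern) so it can gate a quarantine without touching ordinary invoice mail.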
