The Latest in IT Security

CNN.com Boston Marathon spam / thesecondincomee.com

18
Apr
2013

This Boston Marathon themed spam leads to malware on thesecondincomee.com:

Example 1:

Date:      Wed, 17 Apr 2013 10:32:18 -0600 [12:32:18 EDT]
From:      CNN Breaking News [[email protected]]
Subject:      Opinion: Boston Marathon Explosions – Obama Benefits? – CNN.com   
     
CNN.com    
Powered by    
* Please note, the sender’s email address has not been verified.
            
You have received the following link from [email protected]:    
           
Click the following to access the sent link:
            
Boston Marathon Explosions – Obama Benefits? – CNN.com*
                 
SAVE THIS link     FORWARD THIS link
           
Get your EMAIL THIS Browser Button and use it to email content from any Web site. Click here for more information.
     
     
*This article can also be accessed if you copy and paste the entire address below into your web browser.
by clicking here

Example 2:

Date:      Wed, 17 Apr 2013 22:32:56 +0600
From:      [email protected]
Subject:      Opinion: Boston Marathon Explosions – North Korea trail or Osama Legacy? – CNN.com
   
Powered by    
* Please note, the sender’s email address has not been verified.
   
You have received the following link from [email protected]:    
   
Click the following to access the sent link:
   
Boston Marathon Explosions – North Korea trail or Osama Legacy? – CNN.com*
   
Get your EMAIL THIS Browser Button and use it to email content from any Web site. Click here for more information.
       
*This article can also be accessed if you copy and paste the entire address below into your web browser.
by clicking here


The malicious payload is at [donotclick]thesecondincomee.com/news/agency_row_fixed.php hosted on:
94.249.206.117 (GHOSTnet, Germany)
155.239.247.247 (Centurion Telkom, South Africa)
173.234.239.60 (Nobis Technology Group, US)

The recommended blocklist is the same as used in this earlier attack.
65.34.160.10
94.249.206.117
155.239.247.247
173.234.239.60
airtrantran.com
basic-printers.com
bbb-complaint.org
buyersusaremote.net
condalinaradushko.ru
conficinskiy.ru
confideracia.ru
coretec.pl
cormoviesutki.ru
dailypost.pl
dataprocessingservice-alerts.com
dataprocessingservice-reports.com
dyntic.com
elmara.ru
excuticoble.ru
fenvid.com
freedblacks.net
fxtv.pl
gardeningexplains.biz
gatoversignie.ru
hurienothing.ru
independinsy.net
janefgort.net
klosotro9.net
miniscule.pl
nulio.ru
programcam.ru
ricepad.net
seantit.ru
securitysmartsystem.com
techzoom.pl
thesecondincomee.com

Related posts:
  1. “Boston Marathon” spam / askmeaboutcctv.com
  2. Cruel Boston Marathon spam lures users to exploit pages
  3. Boston Marathon Bombing Used in Malicious Spam Campaign
  4. Shameless malware distribution abuses Texas explosion and Boston Marathon Attack
  5. KELIHOS Worm Emerges, Takes Advantage of Boston Marathon Blast

Written by Dynamoo's Blog
0 Comments

Leave a reply


Categories

THURSDAY, APRIL 25, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments