The Latest in IT Security

Contract spam / chredret.ru

28
Dec
2011

Another fake “contract” spam leading to malware, hosted on chredret.ru .

Date:      Tue, 27 Dec 2011 06:06:18 +0700
From:      “Destinee Mills”
Subject:      The variant of the contract you’ve offered has been delcined.

After our legal department studied this contract carefully, they’ve noticed the following mismatches with our previous arrangements. We’ve composed a preliminary variant of the new contract, please study it and make sure that all the issues are matching your interests
NEW_Contract.doc 44kb

With best wishes
Destinee Mills

Another name used on the spam is “Ramiro Howell”, although there are probably hundreds of fake names. The malicious payload is at chredret.ru/main.php, hosted on 46.249.37.22 (Serverius Holding BV, Netherlands). This is the second “redret” domain in this /24, so blocking 46.249.37.0/24 might be prudent.

Related posts:
  1. “HP Officejet” spam / chredret.ru
  2. Malware: “Your new contract” / coredret.ru
  3. Contract spam / cpojkjfhotzpod.ru
  4. NACHA Spam / chillechart.com and chillepay.com
  5. “Scan from a Xerox W. Pro” spam / 184.22.115.24

Tags:  
Written by Dynamoo's Blog
0 Comments

Leave a reply


Categories

THURSDAY, APRIL 18, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments