The Latest in IT Security

Federal Reserve Wire Network spam / vanishingmasers.ru

13 Apr 2012

This spam leads to malware on vanishingmasers.ru:

Date: Thu, 12 Apr 2012 15:14:41 -0300
From: “Lidia Polk” [[email protected]]
Subject: RE: Wire transfer cancelled

Good afternoon,

Wire transfer was canceled by the other bank.

Rejected transaction:

FEDWIRE REFERENCE NUMBER: SK9415179747ODP36641K

Wire Transfer Report: View

The Federal Reserve Wire Network

The payload is on vanishingmasers.ru:8080/pages/glavctkoasjtct.php (report here), which is hosted on some familiar-looking IP addresses:

41.168.5.140 (Neotel, South Africa)
62.85.27.129 (Microlink, Latvia)
83.170.91.152 (UK2.NET, UK)
85.214.204.32 (Strato AG, Germany)
88.190.22.72 (Free SAS / ProXad, France)
89.31.145.154 (Nexen, France)
112.78.124.115 (Sakura Internet, Japan)
125.19.103.198 (Bharti Infotel, India)
210.56.23.100 (Commission For Science And Technology, Pakistan)
211.44.250.173 (SK Broadband, Korea)
219.94.194.138 (Sakura Internet, Japan)

