This somewhat mangled looking fake FedEx spam leads to malware on studiomonahan.net:
Date: Thu, 6 Sep 2012 11:00:28 -0600
From: [email protected]
Subject: Your Fedex invoice is ready to be paid now.
FedEx Billing Online – Ready for Paymentfedex.com
<td wid=”th=”10″” rowspan=”2″>
Hello [redacted]
You have a new not paid bill from FedEx that is ready for payment.The following ivoice(s) are ready for your review :
<table border-top=”1px solid #000″ solid=”” #000″=”” border-left=”1px solid #ccc” border=”-bottom=”1px” height=”55″ width=”473″>
<td= class=”resultstableheader”>
Invoice Number
7215-17193To pay or review these invoices, please sign in to your FedEx Billing Online account by clicking on this link: http://www.fedex.com/us/account/fbo
Note: Please do not use this email to submit payment. This email may not be used as a remittance notice. To pay your invoices, please visit FedEx Billing Online, http://www.fedex.com/us/account/fbo
Thank you,
Revenue Services
FedEx
This message has been sent by an auto responder system. Please do not reply to this message.
The content of this message is protected by copyright and trademark laws under U.S. and international law.
Review our privacy policy. All rights reserved.
Subjects spotted so far include:
Pay your Fedex invoice online.
Your Fedex invoice is ready to be paid now.
Please pay your outstanding Fedex invoice.
Your Fedex invoice is ready.
The malicious payload is found at [donotclick]studiomonahan.net/main.php?page=2bfd5695763b6536 (report here) hosted on 206.253.164.43 (Hostigation, US). The server contains the following suspect domains which should also be blocked:
fireinthesgae.pl
joncarterlope.pl
storuofginezi.com
usagetorrenen.com
dinitrolkalor.com
comercicalinz.com
studiomonahan.net
globusbusworld.su
jordanpowelove.su
appropriatenew.su
cdfilmcounderw.su
studiomonahan.net
Leave a reply
