Date: Thu, 19 Jul 2012 02:56:36 -0400
From: [email protected]
Subject: Fwd: Wire Transfer (9579GQ518)
WIRE N: FD-1059598546520289
You can find details in the attached file.
The malicious attachment is named Wire_AMBA01-Rejected.htm and contains a redirector to [donotclick]forumanarhist.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here)
That site is multhomed at the following IPs:
There are some additional IPs and domains that can be found in this post that should also be blocked.
Leave a reply