The Latest in IT Security

“Fwd: Wire Transfer (9579GQ518) ” spam / forumanarhist.ru

19
Jul
2012

This fake wire transfer spam leads to malware at forumanarhist.ru:

Date:      Thu, 19 Jul 2012 02:56:36 -0400
From:      [email protected]
Subject:      Fwd: Wire Transfer (9579GQ518)
Attachments:     Wire_AMBA01-Rejected.htm

Dear Operator,

WIRE N: FD-1059598546520289

STATUS: REJECTED

You can find details in the attached file.

The malicious attachment is named Wire_AMBA01-Rejected.htm and contains a redirector to [donotclick]forumanarhist.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here)

That site is multhomed at the following IPs:
78.83.233.242
203.80.16.81
213.17.171.186

There are some additional IPs and domains that can be found in this post that should also be blocked.

Leave a reply


Categories

TUESDAY, OCTOBER 23, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks