The Latest in IT Security

Malicious spam / Invoice_N{DIG}.zip

05
Apr
2012

We’re seeing a huge spam run at the moment with various subject and attachments, but typically using an HTML-in-ZIP attack with an attachment called Invoice_N{DIG}.zip

Subjects include:
DHL: DELIVER CONFIRMATION – FAILED 113996
FW: End of Aug. Statement
FW: Scan from a Xerox W. Pro  #7338339
although there are probably many others.

The attachment leads to a multihomed exploit kit (report here) on:
hxxp://41.168.5.140:8080/navigator/jueoaritjuir.php
hxxp://62.85.27.129:8080/navigator/jueoaritjuir.php
hxxp://78.83.233.242:8080/navigator/jueoaritjuir.php
hxxp://180.235.150.72:8080/navigator/jueoaritjuir.php
hxxp://211.44.250.173:8080/navigator/jueoaritjuir.php
hxxp://219.94.194.138:8080/navigator/jueoaritjuir.php

Hosts:
41.168.5.140 (Neotel, South Africa)
62.85.27.129 (Microlink, Latvia)
78.83.233.242 (Spectrum Net, Bulgaria)
180.235.150.72 (Ardh Global, Indonesia)
211.44.250.173 (SK Broadband Co Ltd, Korea)
219.94.194.138 (Sakura Internet Inc, Japan)

Plain list for copy-and-pasting:
41.168.5.140
62.85.27.129
78.83.233.242
180.235.150.72
211.44.250.173
219.94.194.138

Leave a reply


Categories

TUESDAY, DECEMBER 10, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments