Spam season continues with this fake “contract” email with a link that leads to a malicious payload on coredret.ru/main.php.
Date: Thu, 8 Dec 2011 01:58:25 +0700
From: “Daisy Newby” [[email protected]]
Subject: Your new contract
As we arranged the day before yesterday in the in your place we’ve got the contract ready, plase study it carefully and let us know whether you accept all the issues.
We’ve attached the copy of the contract below
coredret.ru is hosted on 220.127.116.11 (UkrStar ISP, Ukraine). 18.104.22.168/23 is very sparsely populated, so blocking access to it should cause no problems.
Leave a reply