Spam season continues with this fake “contract” email with a link that leads to a malicious payload on coredret.ru/main.php.
Date: Thu, 8 Dec 2011 01:58:25 +0700
From: “Daisy Newby” [[email protected]]
Subject: Your new contractAs we arranged the day before yesterday in the in your place we’ve got the contract ready, plase study it carefully and let us know whether you accept all the issues.
We’ve attached the copy of the contract below
Contract.doc 36kbBest Wishes
Daisy NewbyFingerprint: bfe69dcc-ccc03723
coredret.ru is hosted on 91.195.11.41 (UkrStar ISP, Ukraine). 91.195.10.0/23 is very sparsely populated, so blocking access to it should cause no problems.
Leave a reply