The Latest in IT Security

“American Airlines Order” / saprolaunimaxim.ru

14 Jun 2012

This fake American Airlines spam leads to malware on saprolaunimaxim.ru:

From: “Tereasa Mcwilliams” [[email protected]]
Date: 14 June 2012 01:36:47 GMT+01:00
Subject: FWD: American Airlines Order

Dear Customer,

FLIGHT NUMBER A47-282
DATE & TIME / JUNE 26, 2012, 12:148 PM
ARRIVING: NEW YORK JFK
TOTAL PRICE : 285.54 USD

Please download and print out your ticket here:
DOWNLOAD

Amercian Airlines

The malicious payload is at [donotclick]saprolaunimaxim.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here), which is the same as used in this attack two days ago; however, since then the IPs have changed to:

78.83.233.242 (Spectrum Net JSC, Bulgaria)
173.224.209.130 (Psychz Networks, US)
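
An added example, not part of the original post: because the same URL is now served from different IPs, this sketch checks proxy logs against the URL indicator as well as the destination IP and reports clients that an IP-only check would miss. The log format, the client addresses and the 192.0.2.x addresses are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Indicator as written in the post; "[donotclick]" is its defang marker.
DEFANGED = "[donotclick]saprolaunimaxim.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c"
# Hosting IPs the post lists for the domain after the change.
CURRENT_IPS = {"78.83.233.242", "173.224.209.130"}

def refang(indicator):
    """Turn the post's defanged notation into a parseable URL."""
    return "http://" + indicator.replace("[donotclick]", "")

def url_key(url):
    """Reduce a URL to (host, port, path, page) so matching ignores the IP."""
    parts = urlsplit(url)
    page = parse_qs(parts.query).get("page", [""])[0]
    return (parts.hostname or "").lower(), parts.port or 80, parts.path, page

def scan(log_lines, indicator=DEFANGED, known_ips=CURRENT_IPS):
    """Scan lines of the assumed form 'timestamp client dest_ip method url'.
    Returns (url_hits, ip_hits, url_only) as lists of client addresses."""
    wanted = url_key(refang(indicator))
    url_hits, ip_hits = [], []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _ts, client, dest_ip, _method, url = fields
        if url_key(url) == wanted:
            url_hits.append(client)
        if dest_ip in known_ips:
            ip_hits.append(client)
    return url_hits, ip_hits, sorted(set(url_hits) - set(ip_hits))

# Constructed sample log. 192.0.2.10 and 192.0.2.20 are documentation-range
# placeholders, not addresses from the post.
URL = refang(DEFANGED)
SAMPLE_LOG = [
    f"2012-06-14T09:01:02 10.0.0.5 78.83.233.242 GET {URL}",
    f"2012-06-14T09:03:10 10.0.0.9 192.0.2.10 GET {URL.replace('sapro', 'SAPRO')}",
    "2012-06-14T09:04:00 10.0.0.7 192.0.2.20 GET http://example.com/forum/showthread.php?page=5",
    "2012-06-14T09:05:00 10.0.0.8 173.224.209.130 GET http://example.org:8080/index.html",
    "garbage line",
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A client that appears only in the IP matches reached one of the listed hosts under a different name, which is worth a separate look.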

The following domains and IPs are related and should be blocked if you can:
