Another malicious spam, this time leading to an exploit page on coolwebzuzuzu.ru/main.php.
Date: Tue, 16 Jan 2012 02:50:00 +0000
From: officejet@victimdomain.com
Subject: Fwd: Fwd: Scan from a Xerox W. Pro #9522304
A Document was sent to you using a XEROX OFFICE N220337423.
SENT BY: LAURA
IMAGES : 6
FORMAT (.JPG) DOWNLOAD
DEVICE: PD55695SK7AO559107L
coolwebzuzuzu.ru is hosted on 66.225.237.222, HostForWeb in Chicago. There is another malware site on an adjacent IP. You might want to block both IPs or even the whole /24 to be on the safe side.
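To check whether anything on your network has already contacted the domain or the surrounding /24, here is an added example (not part of the original post) that scans proxy log lines for both indicators. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators taken from the post above.
BAD_DOMAIN = "coolwebzuzuzu.ru"
# strict=False derives the enclosing /24 (66.225.237.0/24) from the host address.
BAD_NET = ipaddress.ip_network("66.225.237.222/24", strict=False)

# Constructed sample log; assumed format: timestamp client dest_ip method url
SAMPLE_LOG = """\
2012-01-16T03:01:12Z 10.0.0.15 66.225.237.222 GET http://coolwebzuzuzu.ru/main.php
2012-01-16T03:02:40Z 10.0.0.22 66.225.237.10 GET http://other.example/index.html
2012-01-16T03:05:09Z 10.0.0.31 192.0.2.44 GET http://www.example.com/
not a log line
2012-01-16T03:07:55Z 10.0.0.15 192.0.2.80 GET http://cdn.COOLWEBZUZUZU.ru./x.js
"""

def match_reasons(dest_ip, url):
    """Return the list of indicators that a single request matches."""
    reasons = []
    try:
        if ipaddress.ip_address(dest_ip) in BAD_NET:
            reasons.append("ip-in-" + str(BAD_NET))
    except ValueError:
        pass  # malformed address field: still check the hostname
    # hostname is lower-cased by urlsplit; drop a trailing root dot
    host = (urlsplit(url).hostname or "").rstrip(".")
    # exact match or subdomain only, so "notcoolwebzuzuzu.ru" is not flagged
    if host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN):
        reasons.append("domain")
    return reasons

def find_hits(log_text):
    """Return (timestamp, client, reasons) for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        ts, client, dest_ip, _method, url = fields
        reasons = match_reasons(dest_ip, url)
        if reasons:
            hits.append((ts, client, reasons))
    return hits

if __name__ == "__main__":
    for ts, client, reasons in find_hits(SAMPLE_LOG):
        print(ts, client, ",".join(reasons))
```

Matching on the destination IP as well as the hostname catches traffic to other sites in the same /24, which a domain-only search would miss.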