The Latest in IT Security

US Airways spam / blue-lotusgrove.net

12
Sep
2012

A couple of samples of a fake US Airways spam email leading to malware on blue-lotusgrove.net:


Date:      Tue, 11 Sep 2012 15:32:42 -0300
From:      “US Airways – Reservations” [[email protected]]
Subject:      Please confirm your US Airways online registration.
   
You can check in from 24 hours and up to 60 minutes before your flight (2 hours if you’re flying internationally). Then, all you need to do is print your boarding pass and proceed to the gate.

Confirmation code: 592499

Check-in online: Online reservation details

Flight

6840    
Departure city and time

Washington, DC (DCA) 10:00PM

Depart date: 9/12/2012    

We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved.

==========


Date:      Tue, 11 Sep 2012 23:29:14 +0700
From:      “US Airways – Reservations” [[email protected]]
Subject:      US Airways online check-in.

you {l2} check in from 24 hours and up to 60 minutes before your flight (2 hours if you’re flying {l3}). {l4}, all you {l5} to do is print your boarding pass and {l6} to the gate.

confirmation code: {digit}

check-in online: online reservation details

flight

{digit}    
departure city and time

washington, dc (dca) 10:00pm

depart date: 9/12/2012    


we are committed to protecting your privacy. your information is kept private and confidential. for information about our privacy policy visit usairways.com.

us airways, 111 w. rio salado pkwy, tempe, az 85281 , copyright us airways , all rights reserved.

The malicious payload is at [donotclick]blue-lotusgrove.net/main.php?page=559e008e5ed98bf7 (report here) hosted on 203.91.113.6 (G Mobile, Mongolia), the same IP used in this attack. The following domains are on the same server, they can all be considered to be malicious:


padded.pl
spiki.pl
fruno.pl
nextbox.pl
omariosca.com
hemiga.com
decorera.com
seneesamj.com
unitmusiceditior.com
likenstendarts.com
flatbuzz.com
morepic.net
dushare.net
blue-lotusgrove.net
nitor-solutions.net
gsigallery.net
atfood.ru
indyware.ru
advia.kz
iowa.kz
autumn.kz
wet.kz

Leave a reply


Categories

THURSDAY, NOVEMBER 15, 2018
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks