This fake US Airways spam leads to malware on reformattedfilmmaker.org:
Date: Wed, 25 Jul 2012 09:46:57 -0500
From: “US Airways – Reservations” [[email protected]]
Subject: Confirm your US airways online reservation.You should check in from 24 hours and up to 60 minutes before your flight (2 hours if you’re flying abroad). After that, all you have to do is print your boarding pass and go to the gate.
Confirmation code: 210916
Check-in online: Online reservation details
Flight
4817
Departure city and timeWashington, DC (DCA) 10:00PM
Depart date: 7/26/2012
We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.
US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved.
The malicious payload is at [dotnotclick]reformattedfilmmaker.org/main.php?page=70ec803a01c84ddc (report here) hosted on the same Chinese IP address of 221.131.129.200 that was used in a similar spam run yesterday.
UPDATE: a similar US Airways spam run is also underway with a malicious payload on algebrayep.org on the same IP address.
Leave a reply
