The Latest in IT Security

“Verify your order” / yrikdhxzwo.org

10
Aug
2012

This spam leads to malware on yrikdhxzwo.org:

Date:      Fri, 10 Aug 2012 13:43:57 +0200
From:      “New order” [8A4EDCFB@williamsvilla.com]
To:      [redacted]
Subject:      Verify your order

Dear [redacted],

please verify your order #809910 at http://simplythebestevents.com/wp-content/plugins/mm-forms-community/upload/temp/tracking17948.php?user_id=[redacted]&order_id=8D17821C359

We hope to see you again soon!

The malicious payload is at [donotclick]yrikdhxzwo.org/main.php?page=3f19233d6515cd5d (the payload is defying analysis at the moment), hosted on 54.245.115.156 (Amazon, US). The domain btgjoulrys.info is also on the same server and can be safely assumed to be malicious.

Related posts:
  1. In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT
  2. Spam: Your Amazon.com order of “GoPro HD Helmet HERO Camcorder – Silver” has shipped!
  3. “Your Photos” spam / moskow-carsharing.ru
  4. “Your order for helicopter for the weekend” / ccredret.ru
  5. “merican Airlines Order” / saprolaunimaxim.ru

Tags:  
Written by Dynamoo's Blog
0 Comments

Leave a reply


Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments