This is an email with a link leading to malware. We’ve seen this pitch before:
Subject: Re: I’m in trouble!
I was at a party yesterday, got drunk, couldn’t drive the car, somebody gave me a lift on my car, and crossed on the red light!
I’ve just got the pictures, maybe you know him???
Here is the photoI need to find him urgently!
Thank you
Belita
The link goes to a legitimate hacked site, then to a multihomed .ru site on the following IPs:
125.214.74.8
129.67.100.11
173.201.187.225
173.230.137.129
173.255.229.33
174.122.121.154
209.59.222.145
211.44.250.173
213.193.231.210
24.37.34.163
46.105.28.61
50.57.77.119
50.57.118.247
74.208.205.185
78.47.135.105
78.129.233.8
80.90.199.196
81.31.43.43
82.165.197.58
83.170.91.152
84.246.210.87
85.214.204.32
87.106.201.119
93.189.88.198
97.74.87.3
This is pretty much the same IP list as seen last week (new IPs highlighted). It’s unclear at the moment which domains are on the IPs (though there are some Redret domains here), so blocking the addresses is the safest bet.
Leave a reply
