This is an email with a link leading to malware. We’ve seen this pitch before:
Subject: Re: I’m in trouble!
I was at a party yesterday, got drunk, couldn’t drive the car, somebody gave me a lift on my car, and crossed on the red light!
I’ve just got the pictures, maybe you know him???
Here is the photo
I need to find him urgently!
The link goes to a legitimate hacked site, then to a multihomed .ru site on the following IPs:
This is pretty much the same IP list as seen last week (new IPs highlighted). It’s unclear at the moment which domains are on the IPs (though there are some Redret domains here), so blocking the addresses is the safest bet.
Leave a reply