The Latest in IT Security

Wire Transfer spam / webmoniacs.ru

03
Nov
2012


This fake wire transfer spam leads to malware on webmoniacs.ru:

Date:      Fri, 2 Nov 2012 06:23:10 +0700
From:      “[email protected]” [[email protected]]
Subject:      RE: Wire Transfer cancelled

Dear Sirs,

The Wire transfer was canceled by the other bank.

Canceled transaction:

FED REFERENCE NUMBER: 628591160ACH34584

Transaction Report: View

The Federal Reserve Wire Network

The malicious payload is at [donotclick]webmoniacs.ru:8080/forum/links/column.php hosted on:
65.99.223.24 (RimuHosting, US)
203.80.16.81 (MYREN, Malaysia)
209.51.221.247 (eNet, US)

The following IPs and domain are all connected and should be blocked:
50.22.102.132
62.76.186.190
65.99.223.24
68.67.42.41
79.98.27.9
84.22.100.108
85.143.166.170
132.248.49.112
203.80.16.81
209.51.221.247
213.251.171.30
denegnashete.ru
dianadrau.ru
donkihotik.ru
fidelocastroo.ru
finitolaco.ru
fionadix.ru
forumibiza.ru
kiladopje.ru
lemonadiom.ru
manekenppa.ru
panacealeon.ru
panalkinew.ru
pionierspokemon.ru
ponowseniks.ru
rumyniaonline.ru
webmoniacs.ru
windowonu.ru

Related posts:
  1. Wire Transfer spam / porschedesignrussia.ru
  2. Wire Transfer / HP spam and pistolitnameste.ru
  3. “Fwd: Wire Transfer (9579GQ518) ” spam / forumanarhist.ru
  4. Federal Reserve Wire Network spam / vanishingmasers.ru
  5. NACHA / Wire Transfer malicious emails

Tags:  
Written by Dynamoo's Blog
0 Comments

Leave a reply


Categories

TUESDAY, APRIL 16, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments