Another spam, another “redret” domain. This time the spam is a “changelog” one, and the malicious payload is on cjredret.ru/main.php.
Date: Thu, 29 Dec 2011 07:59:51 +0200
From: [email protected]
Subject: Re: Fwd: Your Changelog UPDATED
as promised chnglog updated -: View Changelog
The site is hosted on 220.127.116.11 (Delta-X, Ukraine), the same IP address as yesterday. If you don’t have any reason to send traffic to Ukraine, blocking access to 18.104.22.168/22 might be prudent.