The Latest in IT Security

“Your Flight Order ?994284” / saprolaunimaxim.ru

12
Jun
2012

This fake flight email leads to malware on saprolaunimaxim.ru.

From: Simonne Storey [[email protected]]
Subject: Your Flight Order ?994284

Dear Customer,

FLIGHT NUMBER A45-342
DATE & TIME / JUNE 27, 2012, 10:140 PM
ARRIVING: NEW YORK JFK
TOTAL PRICE : 456.62 USD

Please download and print out your ticket here:
DOWNLOAD

Amercian Airlines{br[1-5]}

The link hoes to a malicious payload on [donotclick]saprolaunimaxim.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here) hosted on the following IP addresses:

89.108.75.155 (Agava Ltd, Russia)
50.57.43.49 (Slicehost, US)
50.57.88.200 (Slicehost, US)

The following IPs and domains are also connected to this malware and should be considered hostile:
girlsnotcryz.ru
hamlovladivostok.ru
holigaansongeer.ru
paranoiknepjet.ru
piloramamoskow.ru
pistolitnameste.ru
pushkidamki.ru
spbfotomontag.ru
stroby.ru
uzindexation.ru
31.17.189.212
50.57.43.49
50.57.88.200
89.108.75.155
184.106.200.65
187.85.160.106

Leave a reply


Categories

TUESDAY, JULY 16, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks