Tags » Fast-Flux

VALERIO Pizza Order Confirmation

The sample we analyzed had a link to a malicious page at hxxp://printingcheaper.com/page1.htm?XVUU=S1KGEAGODJ8XNNAHB48IE5UHL&ZELSDVH=J0VL2BFPNUITV68G6&ID5TU3=UA0MLSUW5R2R8GC&DT9=MXK3SEKG0JMHDAU0RZAG6P3K&4S0W2E=8MG1P4S5IGNJAPNX87C&G4YO6P6=AEPEC1D5PXXZ&CS66A7F=RNK4RSELG796VIEX0TUYQ8F9&877R2=VGZBG625JCT8Z9O2K&KQA05=5L5TW1IP247&

This malicious page contained JavaScript that redirected victims to a Phoenix Exploit kit at hxxp://uiwewsecondary.ru:8080/internet/fpkrerflfvd.php…

Malware

NY TRAFFIC TICKET

Malicious URL:
hxxp://partyinthepark.co.za/page4.htm?563H0J=7J7WVK3SIM15NMTA5&SGLU=GPRI34KVG4J9QB&VNOP=DY7VUBIXD4WT&5LEPGN=4IWARW2MUHFT&

The text “To Plead Click Here” in the spam contained a malicious hyperlink that eventually redirects the victim to a Phoenix Exploit kit at hxxp://vitalitysomer.ru:8080/pages/glavctkoasjtct.php.

Malware

DHL, Your Flight, Xerox

Subject: DHL DELIVERY CONFIRMATION 393258
Attachment: DHL-invoce-9240104.zip

Subject: Scan from a Xerox WorkCentre Pro #633567
Attachment: 13249638783_Xerox_Document-L134.zip

Subject: Fwd: Your Flight KP256-05746
Attachment: Flight_N8358.zip

Through encoded JavaScript, the victim is eventually redirected to a Phoenix Exploit kit at hxxp://popperwith.su:8080/navigator/jueoaritjuir.php.

Malware

FedEx & Wire Transfer

Subject: Re_Wire Transfer (3935SH506).
URL: ceroonce.com /loadit/fondos/file-index.htm

Subject: Fedex Delivery Confirmation 351301.

The victim is eventually redirected to a Phoenix Exploit kit at sonografx[.]ru:8080 /navigator/jueoaritjuir.php hosted at IP address(es): …

Malware

Check from Christian Liberty Financial

On 2012-04-02 we observed a spam email via Cisco’s Security Intelligence Operations with the subject line “Check from Christian Liberty Financial, Mon, 2 Apr 2012 12:33:29 +0100”.

Malware

USPS Delivery Confirmation - Failed 64885492

Attachment: UPS_id1086785803.htm

Encoded JS in the spam attachment redirects the victim to a Phoenix Exploit kit at sisfshsdofhidd[.]ru:8080 /navigator/jueoaritjuir.php hosted at IP address(es):

78.83.233.242
125.19.103.198
41.66.137.155
41.168.5.140…

Malware

USPS 02193131 delivers Bugat/Feodo

Subject:
DELIVERY CONFIRMATION FROM USPS 02193131
Attachment:
MYUPS_ID3M764824495.htm

The spam contained an encoded script that redirects the victim to a Phoenix Exploit kit at rehjsdgfjhskjksd[.]su:8080 /images/aublbzdni.php hosted at IP address(es): …

Malware