2014-07-22 - MALWARE INFECTION FROM LINK IN ASPROX BOTNET EMAIL
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
NOTES:
- Malicious emails from the Asprox botnet continue. A co-worker sent me a copy of one he received on a personal email account on Monday, July 21.
- The link to the malware was not active, so I don't have a sample for this blog entry.
- However, this post includes a spreadsheet with the sending IP addresses, sending host names, message ID headers, and subject lines I've run across in the last 24 hours.

EMAIL EXAMPLE
SUBJECT LINE:
Indebtedness for driving on toll road
MESSAGE:
Dear customer,
You have not paid for driving on a toll road. This invoice is sent repeatedly,
please service your debt in the shortest possible time.
The invoice can be downloaded here.
LINK FROM THE EMAIL TO THE MALWARE:
192.185.163[.]137 - kerryrefkindesigns[.]com/wp-content/plugins/rw.php?toll=9L5s/mLfAM6LlinEpZIwu/4GiHTq8MZRQkK+Fsg7GwY=

