This time around the spam is almost identical to that which we saw from the September 11th until October 17th. We wrote about this a couple times in articles such as IRS Version of Zeus Continues and A Weekend of Old News, both of which listed many websites previously used by the criminal.
The websites seen so far this morning by the UAB Spam Data Mine have included:
www.irs.gov.ooolnz.co.uk
www.irs.gov.ooolnz.me.uk
www.irs.gov.ooolnz.org.uk
www.irs.gov.ooolnzq.co.uk
www.irs.gov.ooolnzq.me.uk
www.irs.gov.ooolnzq.org.uk
www.irs.gov.ooolnzs.co.uk
www.irs.gov.ooolnzs.me.uk
www.irs.gov.ooolnzs.org.uk
www.irs.gov.oouask.co.uk
www.irs.gov.oouask.me.uk
www.irs.gov.oouask.org.uk
www.irs.gov.oouaso.co.uk
www.irs.gov.oouaso.me.uk
www.irs.gov.oouaso.org.uk
www.irs.gov.oouasr.co.uk
www.irs.gov.oouasr.me.uk
www.irs.gov.oouasr.org.uk
www.irs.gov.oouasv.co.uk
www.irs.gov.oouasv.me.uk
www.irs.gov.oouasv.org.uk
www.irs.gov.oouasz.co.uk
www.irs.gov.oouasz.me.uk
www.irs.gov.oouasz.org.uk
www.irs.gov.ssveef.co.uk
www.irs.gov.ssveef.me.uk
www.irs.gov.ssveef.org.uk
www.irs.gov.ssveeh.co.uk
www.irs.gov.ssveeh.me.uk
www.irs.gov.ssveeh.org.uk
www.irs.gov.ssveem.co.uk
www.irs.gov.ssveem.me.uk
A fresh website image from this morning.
The current version of the malware is:
File size: 83160 bytes
MD5...: 7b4d6fc7369501229b4d7ca6734c228c
VirusTotal is pretty back-logged at the moment. I'll check back for a detection report later in the day and share the results here.
Posts
No comments:
Post a Comment
Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.