tech support 9

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Thursday, 11 July 2013

Malware sites to block 11/7/13

Posted on 02:31 by Unknown


I noticed 188.138.89.106 (Intergenia AG, Germany) was the originating IP being used in this spam run using a hijacked 1&1 account, and VirusTotal thinks that the server is pretty darned evil. A quick poke at this box shows that has a number of multihomed malicious and C&C domains.

Looking at some of these servers, I'm suspicious that they may have been compromised using a Plesk vulnerability.
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in .SU, 1&1, Germany, Intergenia, Malware, UK2.NET, Viruses | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Registered Express Corporation (RGTX) pump and dump spam
    It's taken me a few days to get around to this due to moving house, but here's a new pump-and-dump spam run promoting a stock Regist...
  • "CEO Portal Statements & Notices Event" spam / report_{DIGIT[12]}.exe
    This fake Wells Fargo email has a malicious attachment: Date:      Fri, 16 Aug 2013 09:51:17 -0500 [10:51:17 EDT]From:      Wells Fargo Even...
  • ACH file ID "999.107" has been processed successfully spam / www.fiscdp.com.airfare-ticketscheap.com
    This fake FISC ACH spam leads to malware on www.fiscdp.com.airfare-ticketscheap.com: Date:      Tue, 10 Sep 2013 17:05:49 +0530 [07:35:49 ED...
  • USPS spam / Label_ZFRLOADD5PGGZ0Z_USPS.zip
    This fake USPS spam has a malicious attachment: Date:      Tue, 15 Oct 2013 09:36:02 -0500 [10:36:02 EDT]From:      USPS Express Services [s...
  • StumbleUpon spam / drugstorepillstablets.ru
    This fake StumbleUpon spam is something new, it leads to a fake pharma site on drugstorepillstablets.ru: Date:      Mon, 4 Feb 2013 01:01:46...
  • "Support Center" spam / phticker.com
    Not malware this time, but this fake "Support Center" spam leads to a fake pharma site at phticker.com: Date:      Mon, 11 Feb 201...
  • inukjob.com fake job offer (also ineurojob.com and hollandsjob.com)
    This fake job offer from inukjob.com involves illegal money laundering, and it also seems that the scammers want to use your identity for ...
  • Dealerbid.co.uk "Quotation.zip" spam with malicious VBS script
    The website dealerbid.co.uk has been compromised and their servers hacked in order to send spam to their customer list. Something similar ha...
  • Fake Staples spam leads to malware on tootle.us
    This fake Staples spam leads to malware on a site called tootle.us: Date:      Wed, 2 Oct 2013 08:40:11 -0500 [09:40:11 EDT]From:      suppo...
  • Laughable advanced fee fraud scam promises $2.5
    Two-and-a-half bucks? I think I'll pass. From:     Mr Anthony Freed [johnewele12@cantv.net]Reply-to:     dhlcorriadeliveryservice@live.c...

Categories

  • .SU
  • 1&1
  • 419
  • ADP
  • Advanced Fee Fraud
  • Advertising
  • Adware
  • AICPA
  • Amazon
  • Amerika
  • Android
  • Anti-Virus Software
  • AOL
  • Apple
  • Aruba
  • Australia
  • Austria
  • BBB
  • Black Hat
  • Blackhole
  • Blogging
  • Botnet
  • Brazil
  • Bulgaria
  • Canada
  • Chile
  • China
  • CNN
  • Colombia
  • CookieBomb
  • Crime
  • CyberBunker
  • Data Breach
  • DHL
  • DOC
  • Domains
  • Dynamic DNS
  • eBay
  • Edis
  • eFax
  • Egypt
  • Emailmovers Ltd
  • Endurance International Group
  • Estonia
  • Evil Network
  • EXE-in-ZIP
  • Facebook
  • Fail
  • Fake Pharma
  • False Positive
  • FedEx
  • Finland
  • France
  • Gandi
  • Germany
  • GHOSTnet
  • GoDaddy
  • Google
  • Greece
  • Hacked sites
  • Hetzner
  • HMRC
  • Hosting
  • Hungary
  • India
  • Injection Attacks
  • Intergenia
  • INTUIT
  • Iran
  • IRS
  • Israel
  • Italy
  • Japan
  • Job Offer Scams
  • Joe Job
  • Jolly Works Hosting
  • Kelihos
  • Kenya
  • Korea
  • Latvia
  • Law
  • Leaseweb
  • LinkedIn
  • Linode
  • Lithuania
  • Lithunia
  • logol.ru
  • Macintosh
  • Magnitude
  • Malware
  • Mea Culpa
  • Microsoft
  • Moldova
  • Money Mule
  • Mongolia
  • NACHA
  • NATO
  • Netherlands
  • Neutrino
  • Nuclear Fallout Enterprises
  • OVH
  • Pakistan
  • Patches
  • PayPal
  • Philippines
  • Phishing
  • Phishtank
  • Phones
  • Pinterest
  • Pizza
  • Poland
  • Politics
  • Porn
  • PPI
  • Printer Spam
  • Privacy
  • Pump and Dump
  • Retro
  • Romania
  • RU:8080
  • Russia
  • Sally Gaskell
  • Scam
  • Scams
  • Senegal
  • Serbia
  • Serverius
  • Sidharth Shah
  • Simply Transit
  • Singapore
  • Slicehost
  • SMS
  • South Africa
  • Spain
  • Spam
  • Stupidity
  • Sweden
  • Sweet Orange
  • Switzerland
  • Syria
  • Taiwan
  • Telepests
  • Thailand
  • TheFirst-RU
  • ThreeScripts
  • Tor
  • Turkey
  • UAE
  • UK2.NET
  • Ukraine
  • UPS
  • US Airways
  • USPS
  • VBScript
  • Virgin Media
  • Viruses
  • Waledac
  • Weather
  • Xeex
  • Yahoo
  • YouTube
  • Zbot
  • Zeus

Blog Archive

  • ▼  2013 (500)
    • ►  November (29)
    • ►  October (37)
    • ►  September (46)
    • ►  August (44)
    • ▼  July (62)
      • "Documento importante : 5039403 !!" spam / Planilh...
      • Facebook spam / deltaoutriggercafe.com
      • eBay "ready to get started? Here’s how." spam / de...
      • "Your password on Pinterest was Successfully modif...
      • CNN "Angelina Jolie tops list of highest-paid actr...
      • Pharma sites to block 30/7/13
      • Malware sites to block 30/7/13
      • Facebook spam / happykido.com
      • "Key Secured Message" spam / SecureMessage.zip
      • Jolly Works Hosting.. is it really Jolly?
      • Bank of America "Your transaction is completed" sp...
      • Intellicast.com spam / artimagefrance.com
      • "welcome to the eBay community!" spam / artimagefr...
      • Mobiquant - when IT security goes badly wrong
      • "INCOMING FAX REPORT" spam / 2013vistakonpresident...
      • CNN "77 dead after train derails" spam / evocarr.net
      • CNN "Perfect gift for royal baby ... a tree?" spam...
      • "You requested a new Facebook password" spam / nph...
      • More deceptive parkconnect.net / Emailmovers Ltd spam
      • CNN "Harrison Ford" spam / 173.246.101.146 and fra...
      • Something evil on 91.233.244.102, Part II
      • webcashmgmt.com "Incoming Money Transfer" spam / A...
      • Something evil on 91.233.244.102
      • Malware sites to block 23/7/13
      • IRS.gov "Complaint Case #488870383295" spam / Comp...
      • BMW spam / pagebuoy.net
      • American Airlines spam / sai-uka-sai.com
      • OVH Hacked
      • ygregistryltd.net / "Huasheng Ltd" domain scam
      • David Cameron's porn block - how will it work?
      • Verizon Wireless "Data Usage Overage Alert" / veri...
      • whoswhonetworkonline.com spam
      • K&L Wine Merchants (KLWines.com) spam / prysmm.net
      • primrose.co.uk hacked, email addresses compromised
      • 02086 547426 "PC Wizard" tech support scam
      • "Houston Marriott Westchase Reservation Confirmati...
      • Bank of America spam / stid 36618-22.zip
      • "Invoice 48920" spam / doc201307161139482.doc
      • Malware sites to block 16/7/13
      • Half your video missing in Windows Movie Maker? MS...
      • msi.com hacked with kristians1.net
      • UPS spam / tvblips.net
      • NOST (NOST.QB) / NSU Resources Inc Pump and Dump ...
      • ygregistry.com.cn domain scam
      • "TAX Return Reminder" / cpa.state.tx.us.tax-return...
      • Malware sites to block 11/7/13
      • "WTX Media INC" spam / dajizzum.com
      • Visa spam / estateandpropertty.com and clik-kids.com
      • Something evil on 199.231.93.182
      • "Payment File Successfully Processed" spam / autor...
      • Malware sites to block 9/7/13
      • Xerox WorkCentre (or is it HP Digital Device?) spa...
      • sendgrid.me / amazonaws.com spam
      • Amex spam / americanexpress.com.krasalco.com
      • yelldatauk.com / Sally Gaskell spam
      • EBC "Password Reset Confirmation" spam / paynotice...
      • Mystery spam leads to Emailmovers Ltd (emailmovers...
      • Babylon and the 3954 Trojans, or the Whore of Baby...
      • Malware sites to block 2/7/13
      • Adware sites to block 2/7/13
      • Pinterest spam / pinterest.com.reports0701.net
      • Adware sites to block 1/7/13
    • ►  June (42)
    • ►  May (39)
    • ►  April (67)
    • ►  March (67)
    • ►  February (60)
    • ►  January (7)
Powered by Blogger.

About Me

Unknown
View my complete profile