
Spam impersonating ACH - page9.htm

Published: 2012/10/27

Observed: 2012/10/16

Volume: 200 messages/day

Technique: lure URL

Goal: malware infection



The message text looks like this:

The lure URL ends in "page9.htm":

 http://ec2010jobbank.thodata.dk/page9.htm
 http://kaprom-electro.jino.ru/page9.htm

The content of page9.htm is a script like this:

When executed, it fetches column.php:

Contents of column.php:

After this it continues, as usual, into an attack that exploits Adobe-related vulnerabilities and the like.


Sites used for the lure URLs this time:

Name | IP | Reverse DNS | ASN | AS Name | Country
bioinfo.au.tsinghua.edu.cn | 166.111.74.4 | tu074004.ip.tsinghua.edu.cn. | 4538 | ERX-CERNET-BKB_China_Education_and_Research_Network_Center | China
www.motoagro.cl | 200.111.67.83 | notro.tchile.com. | 6471 | ENTEL_CHILE_S.A. | Chile
demo.easy-commerce.biz | 194.24.228.63 | vz1vps8.cineteck.net. | 8309 | SIPARTECH_SIPARTECH_Sarl | France
kaprom-electro.jino.ru | 217.107.34.94 | NONE | 8342 | RTCOMM-AS_OJSC_RTComm.RU | Russian Federation
agenda.lyon-entreprises.info | 82.165.60.156 | kundenserver.de. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany
cal.bikersbattlingbreastcancer.org | 74.208.81.117 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | United States
gallery.stembridgebaseball.net | 74.208.206.107 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | United States
kalender.ffwf.de | 87.106.159.102 | kundenserver.de. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany
ocigest.org | 217.160.246.178 | clienteservidor.es. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Spain
s138421376.onlinehome.us | 74.208.206.254 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | United States
termine.schv-klw.de | 212.227.32.27 | kundenserver.de. | 8560 | ONEANDONE-AS_1&1_Internet_AG | Germany
www.calendar.3sisterslegion.ca | 74.208.248.40 | perfora.net. | 8560 | ONEANDONE-AS_1&1_Internet_AG | United States
belsvadba.ru | 92.53.112.3 | bitrix46.timeweb.ru. | 9123 | TIMEWEB-AS_OOO_TimeWeb | Russian Federation
belvet.ru | 176.57.216.109 | bitrix108.timeweb.ru. | 9123 | TIMEWEB-AS_OOO_TimeWeb | Russian Federation
igra31.ru | 176.57.216.109 | bitrix108.timeweb.ru. | 9123 | TIMEWEB-AS_OOO_TimeWeb | Russian Federation
micro.sci-toys.com | 64.150.188.195 | 64-150-188-195.dedicated.codero.net. | 10316 | CODERO-AS_-_Codero | United States
www.agromadrededios.gob.pe | 190.81.122.209 | agromadrededios.gob.pe. | 12252 | America_Movil_Peru_S.A.C. | Peru
cagidecor.it | 62.48.32.160 | linuxcluster.playnet.it. | 13284 | BRT-AS_Brain_Technology_S.p.A. | Italy
mignonnettes.it | 62.48.32.193 | NONE | 13284 | BRT-AS_Brain_Technology_S.p.A. | Italy
www.tideca.net | 184.73.169.216 | mail.suserver.com. | 14618 | AMAZON-AES_-_Amazon.com_Inc. | United States
web400.sr37.firestorm.ch | 62.146.152.19 | sr37.firestorm.ch. | 15598 | IP-EXCHANGE_IP_Exchange_GmbH | Switzerland
alexandr.sysoev.ru | 178.79.161.55 | li299-55.members.linode.com. | 15830 | TELECITY-LON_TELECITYGROUP_INTERNATIONAL_LIMITED | United Kingdom
baureihe01.de | 81.201.154.4 | ip-81-201-154-4.static.reverse.dsi.net. | 16205 | DSINET-ASN_DSI_GmbH_Daten_Service_Informationssysteme | Germany
test.innovationsportal.dk | 217.116.232.211 | web11.gigahost.dk. | 16245 | NGDC_NetGroup_A/S | Denmark
library.bracu.ac.bd | 123.49.46.158 | host158.btcl.net.bd. | 17494 | BTTB-AS-AP_Telecom_Operator_&_Internet_Service_Provider_as_well | Bangladesh
sino-sky.com.cn | 61.4.83.32 | NONE | 17964 | DXTNET_Beijing_Dian-Xin-Tong_Network_Technologies_Co._Ltd. | China
www.alpinlamm.at | 178.77.86.202 | vwp7767.webpack.hosteurope.de. | 20773 | HOSTEUROPE-AS_Host_Europe_GmbH | Germany
www.noorservices.com | 41.187.100.7 | NONE | 20928 | NOOR-AS | Egypt
buy.vuvu.org.tw | 72.233.123.114 | webserver2.xylon.tv. | 22576 | LAYER3-ASN_-_Layered_Technologies_Inc. | United States
aikidomusubi.ru | 78.47.186.253 | reufa.ru. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany
fischen-floridsdorf.at | 213.133.100.42 | tux19.hoststar.at. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany
wayneross.net | 178.63.65.196 | server4.hostultra.com. | 24940 | HETZNER-AS_Hetzner_Online_AG_RZ | Germany
music.mvlcs.org | 75.119.196.104 | apache2-dap.masseria.dreamhost.com. | 26347 | DREAMHOST-AS_-_New_Dream_Network_LLC | United States
upcoming.vdu.it | 62.149.172.185 | host185-172-149-62.serverdedicati.aruba.it. | 31034 | ARUBA-ASN_Aruba_S.p.A. | Italy
www.astromauto.com | 62.149.131.136 | webs1126.aruba.it. | 31034 | ARUBA-ASN_Aruba_S.p.A. | Italy
www.dervishi.com | 62.149.130.158 | webs148.aruba.it. | 31034 | ARUBA-ASN_Aruba_S.p.A. | Italy
www.teresiobianchessi.it | 62.149.140.25 | webx15.aruba.it. | 31034 | ARUBA-ASN_Aruba_S.p.A. | Italy
eichlerwest.com | 72.47.224.118 | agaacqmgco.c03.gridserver.com. | 31815 | MEDIATEMPLE_-_Media_Temple_Inc. | United States
www.donaldyoung.com | 64.207.139.225 | acsmekeisi.gs10.mtsvc.net. | 31815 | MEDIATEMPLE_-_Media_Temple_Inc. | United States
operaizh.ru | 87.249.229.2 | mail.operaizh.ru. | 35558 | IZHNET-AS_Izhevsk_Network_Technologies_Ltd | Russian Federation
www.saan.id.au | 27.123.27.214 | vs-bgiger.per.syra.net.au. | 38719 | AUSTDOM-AS-AP_Aust_Domains_International_Pty_Ltd. | Australia
www.ilca.org.tw | 140.122.127.190 | ojs.lib.ntnu.edu.tw. | 38844 | NTNU-TW_National_Taiwan_Normal_University | Taiwan
www.savitri.in | 46.137.230.44 | ec2-46-137-230-44.ap-southeast-1.compute.amazonaws.com. | 38895 | AMAZON-AS-AP_Amazon.com_Tech_Telecom | Singapore
raspberries.su | 37.140.192.24 | server41.hosting.reg.ru. | 39134 | SKYMEDIA_United_Network_LLC | Russian Federation
4.gbirsk.ru | 77.222.42.99 | fes.sweb.ru. | 44112 | SWEB-AS_SpaceWeb_JSC | Russian Federation
kedaisihat.com | 110.4.45.102 | laurel.mschosting.com. | 46015 | EXABYTES-AS-AP_Exa_Bytes_Network_Sdn.Bhd. | Malaysia
www.usicomos.org | 74.220.215.215 | host215.hostmonster.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
www.uvce.ac.in | 173.254.28.115 | just115.justhost.com. | 46606 | BLUEHOST-AS-2_-_Bluehost_Inc. | United States
nofiscal.com | 62.76.40.223 | 62-76-40-223.clodo.ru. | 48172 | OVERSUN-MERCURY_Oversun-Mercury_Ltd | Russian Federation
ec2010jobbank.thodata.dk | 94.231.107.250 | linux2.unoeuro.com. | 48854 | ZITCOM_ZITCOM_A/S | Denmark
www.torben-schmidt.dk | 94.231.108.252 | linux4.unoeuro.com. | 48854 | ZITCOM_ZITCOM_A/S | Denmark
progorod43.ru | 46.17.46.37 | NONE | 51659 | ASBAXET_LLC_BAXET | Russian Federation
asovencamp.net | 173.0.137.76 | NONE | 53628 | APYLI-AS_-_Apyl_Inc | United States
mytvonline.co.uk | 173.0.141.118 | NONE | 53628 | APYLI-AS_-_Apyl_Inc | United States
noscasamos.com.ve | 173.0.137.76 | NONE | 53628 | APYLI-AS_-_Apyl_Inc | United States
www.colmedsantacruz.org | 86.109.162.47 | h0007.hostytec.com. | 196713 | ABANSYS_AND_HOSTYTEC-AS_Abansys_&_Hostytec_S.L. | Spain
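As an added example (not code from the original post), the check below scans web-proxy log lines for requests to the hosts in the table above or to the campaign's fixed filenames (page9.htm as the lure, column.php as the stage it loads). The hostnames, IPs and ASNs in LURE_HOSTS are a subset copied from the table; the squid-style log lines are constructed for illustration. Because the lure hosts are ordinary sites spread across many unrelated providers, the check keys on hostname plus path rather than on IP or ASN, and grades a hostname-only or path-only match lower.

```python
"""Match proxy log lines against the page9.htm / column.php lure chain."""
import re
from urllib.parse import urlsplit

# Subset of the IOC table in the post: hostname -> (IP, ASN) as listed there.
LURE_HOSTS = {
    "ec2010jobbank.thodata.dk": ("94.231.107.250", 48854),
    "kaprom-electro.jino.ru": ("217.107.34.94", 8342),
    "bioinfo.au.tsinghua.edu.cn": ("166.111.74.4", 4538),
    "cal.bikersbattlingbreastcancer.org": ("74.208.81.117", 8560),
    "www.savitri.in": ("46.137.230.44", 38895),
}

# Fixed filenames seen in this campaign: the lure page and the stage it fetches.
STAGE_PATHS = {
    "/page9.htm": "lure",
    "/column.php": "stage2",
}

# Squid-style access.log prefix: ts elapsed client status/code bytes method url
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+(?P<status>\S+)\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def classify(url):
    """Return (host_known, stage): host_known is True when the hostname is in
    the IOC table; stage is 'lure', 'stage2' or None from the path alone
    (case-insensitive, query string ignored)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    stage = STAGE_PATHS.get(parts.path.lower())
    return host in LURE_HOSTS, stage


def scan(lines):
    """Return one dict per suspicious request. 'high' means both the host and
    the path matched; 'medium' means only one of them did, which still merits
    a look because the same page9.htm file appears on many unrelated hosts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than crash on junk
        host_known, stage = classify(m["url"])
        if not host_known and stage is None:
            continue
        parts = urlsplit(m["url"])
        hits.append({
            "client": m["client"],
            "host": parts.hostname,
            "stage": stage,
            "asn": LURE_HOSTS[parts.hostname.lower()][1] if host_known else None,
            "severity": "high" if host_known and stage else "medium",
        })
    return hits


def clients_by_stage(hits):
    """Group internal clients by how far down the chain they got: a client
    that reached stage2 is the one to pull for the follow-on Adobe exploit."""
    out = {}
    for h in hits:
        if h["stage"]:
            out.setdefault(h["stage"], set()).add(h["client"])
    return out


# Constructed sample log lines (not real traffic); the hosts are from the post.
SAMPLE_LOG = [
    "1350374400.123    412 10.0.0.17 TCP_MISS/200 1843 GET http://ec2010jobbank.thodata.dk/page9.htm",
    "1350374401.555    210 10.0.0.17 TCP_MISS/200 9021 GET http://kaprom-electro.jino.ru/column.php?id=3",
    "1350374402.001    130 10.0.0.23 TCP_MISS/200 5120 GET http://www.example.org/index.html",
    "1350374403.800    300 10.0.0.42 TCP_MISS/404 1700 GET http://unlisted-host.example/PAGE9.HTM",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(clients_by_stage(found))
```

Running the block on the sample lines yields three hits: two 'high' for 10.0.0.17 (lure, then stage2 on a second listed host) and one 'medium' for the page9.htm request to a host that is not in the table; the unparsable line is skipped.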

[Category: spam observation diary]

by jyake