Spam impersonating ACH - page9.htm
Published: 2012/10/27
Observation date: 2012/10/16
Volume: 200 messages/day
Technique: lure URL (redirect link)
Goal: malware infection
The message text looks like this.
The lure URL is "page9.htm":
http://ec2010jobbank.thodata.dk/page9.htm
http://kaprom-electro.jino.ru/page9.htm
Its contents are a script like this,
and when it is executed:
Contents of column.php
After this, as usual, it proceeds to attacks that exploit Adobe-related vulnerabilities and the like.
Sites used for the lure URLs in this campaign:
by jyake