cNotes 検索一覧カテゴリ

AT＆Tを騙るスパム

Published: 2012/08/07

観測日： 2012/8/3

通数： 300通/day

手法：誘導URL型

目的：マルウェア感染

特徴：

サイトに設置されるスクリプトファイルのファイル名が「atbilred.html」

AT&Tの課金情報を騙る感じ。

久しぶりにみるネタではありますが、結局いつものパターンの攻撃で、誘導URLはこのような感じです。

 ｈttp://adif.ro/wp-content/plugins/zumtekuuvef/atbilred.html
 ｈttp://adviko.ru/doc/atbilred.html
 ｈttp://americafinanciallyenslaved.com/modules/atbilred.html
 ｈttp://autismspeech.com/blog/wp-content/plugins/zeuiieoouow/atbilred.html
 ｈttp://bigdeal.ro/wp-content/plugins/zeepmjnaoom/atbilred.html
 ｈttp://dansvoorhetleven.nl/audio/atbilred.html
 ｈttp://deafplus.us/wp/wp-content/plugins/zfoorahmuib/atbilred.html
 ｈttp://elecok.de/modules/atbilred.html
 ｈttp://flashinlabs.biz/modules/atbilred.html
 ｈttp://grandcanyoncelticarts.org/wp-content/plugins/zeexwrufdor/atbilred.html
 ｈttp://hexbugnano.co.uk/wp-content/plugins/zexjtehgupg/atbilred.html
 ｈttp://hostingtag.com/wp-content/plugins/zuspkmioloe/atbilred.html
 ｈttp://indreams.pl/wp-includes/atbilred.html
 ｈttp://insuranceforca.com/wp-includes/atbilred.html
 ｈttp://issueswithaging.com/wp-content/plugins/zeaaiumxqqi/atbilred.html
 ｈttp://jasonrich.com/wp-includes/atbilred.html
 ｈttp://lostsoul.ro/wp-content/plugins/zdopwbrdkyv/atbilred.html
 ｈttp://masoncerbone.com/wp-content/plugins/zeeyseapoee/atbilred.html
 ｈttp://montecorneo.com/images/atbilred.html
 ｈttp://nerantzis.gr/modules/atbilred.html
 ｈttp://notfallapotheken.ch/modules/atbilred.html
 ｈttp://odessa-ua.net/modules/atbilred.html
 ｈttp://ooesv.at/modules/atbilred.html
 ｈttp://opelgombos.hu/images/atbilred.html
 ｈttp://parkhotelpotenza.com/modules/atbilred.html
 ｈttp://pmuc.cm/images/atbilred.html
 ｈttp://rugia-greifswald.de/images/atbilred.html
 ｈttp://sahkosuomilammi.fi/modules/atbilred.html
 ｈttp://search-edu.net/wp-admin/atbilred.html
 ｈttp://shomrat.net/modules/atbilred.html
 ｈttp://solstadhotell.no/modules/atbilred.html
 ｈttp://spaconcept.ca/modules/atbilred.html
 ｈttp://tevrom.ro/modules/atbilred.html
 ｈttp://tfbayonet.com/wp-admin/atbilred.html
 ｈttp://thebiographyauthority.com/blog/wp-content/plugins/zupsxcelope/atbilred.html
 ｈttp://uedstar.com/wp-content/plugins/zeoxolbbptk/atbilred.html
 ｈttp://ukr-vestnik.com/modules/atbilred.html
 ｈttp://wavyboy.com/site/wp-content/plugins/zmiufagcija/atbilred.html

domain	ip	name	AS	AS name	Country
dansvoorhetleven.nl	82.94.206.45	www02.netrex.nl.	3265	XS4ALL-NL_XS4ALL_Internet_BV	Netherlands
americafinanciallyenslaved.com	173.230.138.27	li178-27.members.linode.com.	3595	GNAXNET-AS_-_Global_Net_Access_LLC	UnitedStates
tevrom.ro	85.9.56.197	wp05.myhost.ro.	5606	KQRO_GTS_Telecom_SRL	Romania
tevrom.ro	85.9.56.202	wp05.myhost.ro.	5606	KQRO_GTS_Telecom_SRL	Romania
adviko.ru	93.125.99.9	vh39.hoster.by.	6697	BELPAK-AS_Republican_Association_BELTELECOM	Belarus
solstadhotell.no	81.27.45.87	phoenix.adept.no.	8542	BKKB_BKK_Fiber_AS	Norway
sahkosuomilammi.fi	81.90.69.69	u69.myrootshell.com.	8624	TENUE-AS_Tenue_Oy	Finland
ooesv.at	82.220.34.22	330.hostserv.eu.	9044	SOLNET_BSE_Software_GmbH	Switzerland
flashinlabs.biz	89.163.175.34	89.163.175.34.static.rdns-uclo.net.	13301	UNITEDCOLO-AS_UNITED_COLO_GmbH	Italy
shomrat.net	69.65.119.148	usa3.hostbaron.com.	14383	VCS-AS_-_Virtacore_Systems_Inc	UnitedStates
deafplus.us	216.97.237.203	philip.lunariffic.com.	15244	ADDD2NET-COM-INC-DBA-LUNARPAGES_-_Lunar_Pages	UnitedStates
elecok.de	80.190.188.144	web04.sysfire.de.	15598	IP-EXCHANGE_IP_Exchange_GmbH	Germany
pmuc.cm	213.186.33.4	cluster003.ovh.net.	16276	OVH_OVH_Systems	France
wavyboy.com	94.136.40.103	linux.lb.123-reg.co.uk.	20738	AS20738_Webfusion_Internet_Solutions	UnitedKingdom
notfallapotheken.ch	80.74.139.2	arvandus.ch-meta.net.	21069	ASN-METANET_METANET_AG_Switzerland	Switzerland
search-edu.net	173.212.222.114	cloud-la.nextweb.co.in.	21788	NOC_-_Network_Operations_Center_Inc.	UnitedStates
tfbayonet.com	173.212.222.114	cloud-la.nextweb.co.in.	21788	NOC_-_Network_Operations_Center_Inc.	UnitedStates
nerantzis.gr	174.121.78.38	dre.dreamwebhellas.com.	21844	THEPLANET-AS_-_ThePlanet.com_Internet_Services_Inc.	UnitedStates
montecorneo.com	64.38.37.51	cf.surgeservers.net.	22576	LAYER3-ASN_-_Layered_Technologies_Inc.	UnitedStates
odessa-ua.net	178.63.61.77	static.77.61.63.178.clients.your-server.de.	24940	HETZNER-AS_Hetzner_Online_AG_RZ	Germany
parkhotelpotenza.com	62.141.39.80	apollo.voxweb.it.	24961	FIBREONE-AS_myLoc_managed_IT_AG	Germany
grandcanyoncelticarts.org	75.119.205.103	apache2-nads.biggs.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
issueswithaging.com	69.163.236.49	apache2-twiddle.manila.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
lostsoul.ro	75.119.216.175	apache2-blow.storm.dreamhost.com.	26347	DREAMHOST-AS_-_New_Dream_Network_LLC	UnitedStates
opelgombos.hu	212.52.180.13	schlotter.lanten.hu.	28924	INTEGRITY-HU-AS_INTEGRITY_Informatics_Ltd.	Hungary
indreams.pl	94.152.194.35	5.ires.pl.	29522	KEI_Krakowskie_e-Centrum_Informatyczne_JUMP	Poland
autismspeech.com	65.254.248.128	65-254-248-128.yourhostingaccount.com.	29873	BIZLAND-SD_-_The_Endurance_International_Group_Inc.	UnitedStates
insuranceforca.com	64.29.151.221	hostedc40.carrierzone.com.	30447	INFB2-AS_-_InternetNamesForBusiness.com	UnitedStates
hexbugnano.co.uk	79.170.44.142	web142.extendcp.co.uk.	31727	NODE4-AS_Node4_Ltd_UK	UnitedKingdom
masoncerbone.com	69.175.41.2	node01.tmdhosting210.com.	32475	SINGLEHOP-INC_-_SingleHop	UnitedStates
jasonrich.com	72.29.75.223	mac.dizinc.com.	33182	DIMENOC_-_HostDime.com_Inc.	UnitedStates
adif.ro	94.60.136.151	151-136-static.mxserver.ro.	35818	WEBFACTOR-AS_Webfactor_SRL	Romania
hostingtag.com	108.167.149.185	NONE	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
spaconcept.ca	184.173.11.91	184.173.11.91-static.reverse.softlayer.com.	36351	SOFTLAYER_-_SoftLayer_Technologies_Inc.	UnitedStates
bigdeal.ro	89.36.25.61	NONE	39756	ROHOSTWAY-AS_HOSTWAY_ROMANIA_SRL	Romania
ukr-vestnik.com	91.206.200.78	d150.ukraine.com.ua.	47781	ANSUA-AS_DELTA-X_Ltd	Ukraine
rugia-greifswald.de	193.202.110.123	srv123.one.com.	51468	ONECOM_One.com_A/S	Netherlands

[カテゴリ:spam観察日記]

by jyake

AT＆Tを騙るスパム

TOP

Contents

About cNotes

What's New