Problem with your payment ( from Skype )
Published: 2010/06/17
This is a variant of the spam covered in "FIFA World Cup South Africa... bad news - 薬系ときどき8080系", this time posing as an unpaid-bill notice from Skype.
This is what the attached Skype.html contains.
Deobfuscating it reveals
http://kendoaruba.net/zx.htm
and accessing that URL returns a script like this.
The first URL is an advertising page like this.
As usual, a PDF-type file apparently gets downloaded, but in my environment the download does not succeed.
Domain Name: KENDOARUBA.NET
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.HRNOC.NET
Name Server: DNS2.HRNOC.NET
Status: ok
Updated Date: 06-aug-2009
Creation Date: 06-aug-2009
Expiration Date: 06-aug-2010

KENDOARUBA.NET has address 66.147.226.194
OrgName: HostRocket Web Services
OrgID: HRWE
Address: 21 Corporate Drive - Suite 203
City: Clifton Park
StateProv: NY
PostalCode: 12065
Country: US
NetRange: 66.147.224.0 - 66.147.239.255
CIDR: 66.147.224.0/20
NetName: HRWEBSERVICES-2
NetHandle: NET-66-147-224-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.HRNOC.NET
NameServer: DNS2.HRNOC.NET
NameServer: DNS3.HRNOC.NET
NameServer: DNS4.HRNOC.NET

Domain Name: POWERLINECOLTD.COM
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS03.DOMAINCONTROL.COM
Name Server: NS04.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 09-jun-2009
Creation Date: 09-jun-2009
Expiration Date: 09-jun-2011

blog.powerlinecoltd.com has address 91.121.30.165
inetnum: 91.121.0.0 - 91.121.31.255
netname: OVH
descr: OVH SAS
descr: Dedicated Servers
descr: http://www.ovh.com
country: FR
by jyake