
Received "Update for Microsoft Outlook" spam

Published: 2009/06/29

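About six spam messages of the kind described in "Update for Microsoft Outlook spam continuing" arrived over the five days from June 23 to June 27, so I have listed their subjects, dates, destination URLs, and senders. The body text is the same as in "Spam targeting Outlook users: Addendum 2", so it is omitted.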

 Subject: Microsoft has released an update for Microsoft Outlook
 Date: Tue, 23 Jun 2009 09:25:55 -0300
 URL: http://update.microsoft.com.11hilf.net/microsoftofficeupdate/isapdl/default.aspx
 Received: from 189-113-76-1.cliente.sumicity.com.br (unknown [189.113.76.1]) 
           by xxxxx; Tue, 23 Jun 2009 21:26:57 +0900 (JST)
 Received: from 189.113.76.1 by mxlb.ispgateway.de; Tue, 23 Jun 2009 09:25:55 -0300

 Subject: Update for Microsoft Outlook
 Date: Wed, 24 Jun 2009 00:53:42 -0500
 URL: http://update.microsoft.com.11hilf.net/microsoftofficeupdate/isapdl/default.aspx
 Received: from QCVOHPNIAO (unknown [190.234.93.208]) 
           by xxxxx; Wed, 24 Jun 2009 14:53:47 +0900 (JST)
 Received: from 190.234.93.208 by sunda.sig.net.id; Wed, 24 Jun 2009 00:53:42 -0500

 Subject: Install Update for Microsoft Outlook
 Date: Thu, 25 Jun 2009 01:34:58 +0900
 URL: http://update.microsoft.com.il1il1.com.mx/microsoftofficeupdate/isapdl/default.aspx
 Received: from TEXTNXQQX (unknown [221.133.55.116]) 
           by xxxxx; Thu, 25 Jun 2009 01:35:00 +0900 (JST)
 Received: from 221.133.55.116 by mx2.southern.net; Thu, 25 Jun 2009 01:34:58 +0900

 Subject: Install Critical Update for Microsoft Outlook
 Date: Thu, 25 Jun 2009 16:25:17 -0300
 URL: http://update.microsoft.com.1lj1ki1.com/microsoftofficeupdate/isapdl/default.aspx
 Received: from speedtouch.lan (unknown [189.105.94.251]) 
           by xxxxx; Fri, 26 Jun 2009 04:28:40 +0900 (JST)
 Received: from 189.105.94.251 by SDGE.com.s8a1.psmtp.com; Thu, 25 Jun 2009 16:25:17 -0300

 Subject: Microsoft Outlook Critical Update
 Date: Fri, 26 Jun 2009 04:32:55 -0300
 URL: http://update.microsoft.com.11f1lkj.com/microsoftofficeupdate/isapdl/default.aspx
 Received: from 187-35-176-166.dsl.telesp.net.br (unknown [187.35.176.166]) 
           by xxxxx; Fri, 26 Jun 2009 16:33:40 +0900 (JST)
 Received: from 187.35.176.166 by smtp-v.fe.bosch.de; Fri, 26 Jun 2009 04:32:55 -0300

 Subject: Microsoft Outlook Critical Update
 Date: Fri, 26 Jun 2009 21:55:33 +0530
 URL: http://update.microsoft.com.ijlkif.net/microsoftofficeupdate/isapdl/default.aspx
 Received: from JOZHJPBDM (unknown [59.97.233.8]) 
           by xxxxx; Sat, 27 Jun 2009 01:25:35 +0900 (JST)
 Received: from 59.97.233.8 by spamfilter.isolainformatica.it; Fri, 26 Jun 2009 21:55:33 +0530
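
As an added example (not part of the original post): every URL listed above places update.microsoft.com at the left of a hostname that is registered under an unrelated domain. The Python sketch below flags that pattern on the listed URLs; the TRUSTED set and the small suffix table standing in for the Public Suffix List are assumptions.

```python
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com"}            # assumption: brands to protect
# Assumption: minimal stand-in for the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"com.mx", "com.br", "co.jp", "co.uk"}
PATH = "/microsoftofficeupdate/isapdl/default.aspx"
# Hostnames of the six URLs listed in the post.
SAMPLE_URLS = ["http://" + h + PATH for h in (
    "update.microsoft.com.11hilf.net",
    "update.microsoft.com.11hilf.net",
    "update.microsoft.com.il1il1.com.mx",
    "update.microsoft.com.1lj1ki1.com",
    "update.microsoft.com.11f1lkj.com",
    "update.microsoft.com.ijlkif.net",
)]

def registrable_domain(host):
    """Return the domain actually registered: suffix plus one label."""
    labels = host.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def embedded_brand(url):
    """Return the trusted domain a URL's hostname imitates, else None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if registrable_domain(host) in TRUSTED:
        return None                     # genuinely under the brand
    labels = host.split(".")
    for brand in TRUSTED:
        want = brand.split(".")
        # Compare whole labels so "notmicrosoft.com.x" is not a match.
        for i in range(len(labels) - len(want) + 1):
            if labels[i:i + len(want)] == want:
                return brand
    return None

def flag_lookalikes(urls):
    """Map each flagged registrable domain to the brand it imitates."""
    hits = {}
    for url in urls:
        brand = embedded_brand(url)
        if brand:
            hits[registrable_domain(urlsplit(url).hostname)] = brand
    return hits

if __name__ == "__main__":
    for domain, brand in sorted(flag_lookalikes(SAMPLE_URLS).items()):
        print(f"{domain}: hostname embeds {brand}")
```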

Accessing http://update.microsoft.com.ijlkif.net/ shows a waiting screen (upper figure), followed by a download page for officexp-KB910721-FullFile-ENU.exe (lower figure). Checking officexp-KB910721-FullFile-ENU.exe gave a result of 13/41 (31.71%), as follows.

http://www.virustotal.com/analisis/b6c9a2125a43133d681be0e27aac281f404e29b5e6f031d04a789ff6f0bc8218-1246034370

[Category: spam observation diary]

by @Sam