Spam offering Russian Girls A Plenty!

20 01 2011

Our readers report that cyber criminals are sending spam with malicious links. The criminals are trying to entice users with Russian girls and sex.

“Beware, these sites are crawling with malware!”

---------- <Spam Sample> ----------
From: Fance@Franceroo.ru

<Malware Spam>
To: All MS

Hi dear! I am for a decent man.

As for me, I am a young Russian girl
Do you like Russian women?

They are not just beautiful and smart, but very tolerant too.
Russian women value family and try to be with their husbands as much as possible.

It’s time to get to know each other!
See you on marriage agency. Cheerio!

Please, visit this site!

<Malware Link>
URL=http://1.beersexchix.ru/

----------------------------------------

Malware Files Created:

  • C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4X23OP2B\jquery.pack[1].js
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GPURSX23\girls_photos[1].jpg
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GPURSX23\style[1].css
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ODM3O1U3\footer_girls[1].jpg
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ODM3O1U3\ie_style[1].css
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ODM3O1U3\x1[1].png
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WDUF49AN\1.beersexchix[1].htm

<DNS Traffic>

  • 1.beersexchix.ru
    IP: 178.208.81.55
  • imgs.blyadgirl.ru
    IP: 72.9.107.43
  • img.sexforfun.ru
    IP: 72.9.107.43

Malware Site: hxxp://datingwithlove.ru

  • IP: 194.85.105.17
  • IP: 91.216.141.173
  • IP: 178.208.76.153

Hostmaster.rumacsun.ru points to 72.9.107.43.

Blacklisted – URIBL.com

Malware Found:

* Trojan+FakeVimes
* Trojan.JS
* FakeUpdates
* Fake Antivirus / “free-spy-software.net”
* Trojan-Downloader.Win32.Genome
* TDSS/Rootkit
* Trojan Zeus/ZBOT

Malware DNS Queries:

  • datingwithlove.ru
    IP: 178.208.76.153
  • imgs.blyadgirl.ru
    IP: 72.9.107.43
  • img.blyadgirl.ru
    IP: 178.208.76.153

More Malware Sites:


Good Luck!
