Malware Kuluoz / Asprox botnet - Walmart "Delivery Canceling" / "Standard Delivery Failure"

 
The links in these messages lead to compromised websites hosting malware: the Kuluoz/Asprox downloader.
 
 
 
Vendor                  Detection                          Date
Microsoft               TrojanDownloader:Win32/Kuluoz.D    20131227
AhnLab-V3               Trojan/Win32.Asprox                20131227
Ikarus                  Trojan.Win32.Meredrop              20131227
TheHacker               Posible_Worm32                     20131227
Rising                  PE:Malware.FakeDOC@CV!1.9C3C       20131227
TrendMicro-HouseCall    PAK_Generic.001                    20131227
TrendMicro              PAK_Generic.001                    20131227
Sophos                  Mal/Weelsof-E                      20131227
McAfee                  Artemis!465795B5F874               20131227
McAfee-GW-Edition       Artemis!465795B5F874               20131227
 
 
========
From: Walmart <stephanie@carlsbadortho.com>
To: 
Cc:
Date: Fri, 27 Dec 2013 11:24:34 +0700
Subject: Delivery Canceling
Wallmart
 Walmart

     Save money. Live better.
   
Sir/Madam, 

Your order WM-003531744 <http://pryozerne.com/media/06AHX70Cx26BZmm5M/wzYMJYEGMRFi8UpYv05R2aBMo=/WalmartForm>  delivery has failed because the address was not specified correctly. You are advised to fill this form <http://pryozerne.com/media/06AHX70Cx26BZmm5M/wzYMJYEGMRFi8UpYv05R2aBMo=/WalmartForm>  and send it back to us. 


If your reply is not received within one week, you will be paid your money back but 17% will be deducted since you order was booked for Christmas holidays.


2013 Wal-Mart Stores, Inc.

 

Date: Thu, 26 Dec 2013 02:04:18 +0100
From: Walmart <vivian_zb@formosa.sina.net>
To: 
Subject: Standard Delivery Failure
 Walmart
     Save money. Live better.
   
Sir/Madam,

Your order WM-001227458 <http://ag376.us/media/YzzCyDSGYnaWb1/7UQREFk8d7z2iKr7+OC+K8q14uxY=/WalmartForm>
delivery has failed because the address was not specified correctly. You are advised to fill this form and send it back to us.


If your reply is not received within one week, you will be paid your money back but 17% will be deducted since you order was booked for Christmas holidays.
 
 
 
 Envelope From: stephanie@carlsbadortho.com
Envelope To:
Content-Transfer-Encoding: 8bit
Content-Type: multipart/alternative; boundary="b1_b18cd0f1f5d23290598dd89434faec65"
Date: Fri, 27 Dec 2013 11:24:34 +0700
From: Walmart <stephanie@carlsbadortho.com>
MIME-Version: 1.0
Message-ID: <b18cd0f1f5d23290598dd89434faec65@com>
..
Received: from kitt.3treepoint.com ([216.162.203.106]) by iron3-mx.tops.gwu.edu with ESMTP; 26 Dec 2013 23:24:58 -0500
Received: from sibotakusaiten.ru (62-68-140-214.tomtelnet.ru [62.68.140.214]) by kitt.3treepoint.com with SMTP; Thu, 26 Dec 2013 20:24:39 -0800
x-sender="stephanie@carlsbadortho.com"; x-conformance=spf_only; x-record-type="v=spf1"
..
Reply-To: Walmart <stephanie@carlsbadortho.com>
Return-Path: <stephanie@carlsbadortho.com>
