The links lead to compromised websites hosting malware - Kuluoz/Asprox downloader
Microsoft TrojanDownloader:Win32/Kuluoz.D 20131227
AhnLab-V3 Trojan/Win32.Asprox 20131227
Ikarus Trojan.Win32.Meredrop 20131227
TheHacker Posible_Worm32 20131227
Rising PE:Malware.FakeDOC@CV!1.9C3C 20131227
TrendMicro-HouseCall PAK_Generic.001 20131227
TrendMicro PAK_Generic.001 20131227
Sophos Mal/Weelsof-E 20131227
McAfee Artemis!465795B5F874 20131227
McAfee-GW-Edition Artemis!465795B5F874 20131227
========
From: Walmart <stephanie@carlsbadortho.com>
To:
Cc:
Date: Fri, 27 Dec 2013 11:24:34 +0700
Subject: Delivery Canceling

Date: Thu, 26 Dec 2013 02:04:18 +0100
From: Walmart <vivian_zb@formosa.sina.net>
To:
Subject: Standard Delivery Failure

Walmart Save money. Live better.
Sir/Madam,
Your order WM-001227458 <http://ag376.us/media/YzzCyDSGYnaWb1/7UQREFk8d7z2iKr7+OC+K8q14uxY=/WalmartForm>
delivery has failed because the address was not specified correctly. You are advised to fill this form and send it back to us.
If your reply is not received within one week, you will be paid your money back but 17% will be deducted since you order was booked for Christmas holidays.

Envelope To:
Content-Transfer-Encoding: 8bit
Content-Type: multipart/alternative; boundary="b1_b18cd0f1f5d23290598dd89434faec65"
Date: Fri, 27 Dec 2013 11:24:34 +0700
From: Walmart <stephanie@carlsbadortho.com>
MIME-Version: 1.0
Message-ID: <b18cd0f1f5d23290598dd89434faec65@com>
..
Received: from kitt.3treepoint.com ([216.162.203.106]) by iron3-mx.tops.gwu.edu with ESMTP; 26 Dec 2013 23:24:58 -0500
Received: from sibotakusaiten.ru (62-68-140-214.tomtelnet.ru [62.68.140.214]) by kitt.3treepoint.com with SMTP; Thu, 26 Dec 2013 20:24:39 -0800
x-sender="stephanie@carlsbadortho.com"; x-conformance=spf_only; x-record-type="v=spf1"
..
Reply-To: Walmart <stephanie@carlsbadortho.com>
Return-Path: <stephanie@carlsbadortho.com>