2014-07-22 - ASPROX BOTNET FAKE E-ZPASS PHISHING EMAILS

NOTES:

• The particular phishing campaign from the Asrpox botnet continues.  A co-worker sent me a copy of one he received on a personal email account on Monday, July 21.
• The link to the malware was not active, so I don't have a sample for this blog entry.
• However, I've included a spreasheet with sending IP addresses, sending host names, message ID headers, subject lines I've run across in the last 24 hours.
• Link to the spreadsheet:  2014-07-22-fake-toll-road-phishing-emails-for-24-hours.csv

 

 

EMAIL EXAMPLE

SCREENSHOT:

 

SUBJECT LINE:

Indebtedness for driving on toll road

 

MESSAGE:

Dear customer,

You have not paid for driving on a toll road. This invoice is sent repeatedly,
please service your debt in the shortest possible time.

The invoice can be downloaded here.

 

LINK FROM THE EMAIL TO THE MALWARE:

192.185.163.137 - kerryrefkindesigns.com/wp-content/plugins/rw.php?toll=9L5s/mLfAM6LlinEpZIwu/4GiHTq8MZRQkK+Fsg7GwY=

 

Click here to return to the main page.