Spam Campaigns go for RTF Documents

A new spam strategy is in the wild. We mentioned in a recent article that spammers were using a new trick to bypass anti-spam filters: placing the text in an image and sending the image as an attachment. Now it seems they have switched from images to RTF documents:

New Spam Strategy Screenshot

The attached file contains a redirect to a malicious link:

Malicious Link Screenshot

Malicious link details:

Domain: 9-000.com
Ip Address: 203.93.208.86
 
Administrative Contact:
Name : NIUJINGYI
Organization : NIUJINGYI
Address : CHANGFENGLU51
City : jiujiangshi
Province/State : jiangxisheng
Country : china
Postal Code : 332113
Phone Number : 86-0792-56051418
Fax : 86-0792-56051418
Email : NIUJINGYI@126.COM

Other malicious domains:

4-999.net
7-999.com
4-555.net

We have noticed around 150 spam emails of this type in 48 hours, and most senders seem to be ADSL users, so it is possible the spam campaign was started by a botnet.
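Because the link sits inside the attachment rather than the message body, a filter that only inspects body text never sees it. The following sketch is an added example, not code from the original post: it identifies RTF attachments by content and checks the hosts they link to against a blocklist. The function names, the sample message and the `landing.example` domain are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

RTF_MAGIC = b"{\\rtf"
# Plain-text URLs only; URLs obfuscated with RTF escapes (\'xx) are not decoded here.
URL_RE = re.compile(rb"https?://[^\s\"'{}\\<>]+", re.I)

def rtf_link_hosts(raw_message: bytes) -> dict:
    """Map each RTF attachment's filename to the set of hosts it links to."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    found = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the file extension or declared MIME type.
        if not payload.lstrip().startswith(RTF_MAGIC):
            continue
        hosts = set()
        for url in URL_RE.findall(payload):
            try:
                host = urlsplit(url.decode("ascii", "replace")).hostname
            except ValueError:
                continue
            if host:
                hosts.add(host.lower())
        found[part.get_filename() or "(unnamed)"] = hosts
    return found

def flag_message(raw_message: bytes, blocklist: set) -> set:
    """Return hosts from RTF attachments that match a blocklisted domain."""
    hits = set()
    for hosts in rtf_link_hosts(raw_message).values():
        hits |= {h for h in hosts if any(h == b or h.endswith("." + b) for b in blocklist)}
    return hits

def build_sample() -> bytes:
    # Constructed sample: harmless body text, RTF hyperlink field in a ".doc" attachment.
    rtf = (rb'{\rtf1\ansi{\field{\*\fldinst{HYPERLINK '
           rb'"http://www.landing.example/offer"}}'
           rb'{\fldrslt{Click here}}}}')
    msg = EmailMessage()
    msg["From"] = "sender@mail.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "see attached"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(rtf, maintype="application", subtype="octet-stream",
                       filename="info.doc")
    return msg.as_bytes()
```

Calling `flag_message(build_sample(), {"landing.example"})` reports the linked host even though the body contains no URL and the attachment is named `.doc`.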
