Mailbag
I had some time today, so I thought I'd post this morning's mailbag:
Compromised website (Javascript Compromise):
http://emergency [dot] charlestoncounty [dot] org/index2.asp?p=/ElectedO.htm
PayPal/City Credit Union Phish - with kits:
http://85.45.179.9/icons/small/Secure/home/management/
Kits located at:
http://85.45.179.9/icons/small/www.citycu.org.tar.gz (info goes to alvin.thecrazy@gmail.com)
http://85.45.179.9/icons/small/citycu.org.tar.gz -> (info goes to pep.xxl@gmail.com)
http://85.45.179.9/icons/small/paypal.tar.gz -> (info goes to pep.xxl@gmail.com)
Today's "Breaking News" spam:
From: Tinney
User-Agent: Thunderbird 2.0.0.14 (Windows/20080421)
MIME-Version: 1.0
To: [REDACTED]
Subject: BREAKING news
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Did Bill Clinton Cross the Line? http://www[dot]sakapfet[dot]com/1.html
Attempts to trick users into downloading a fake AV client called Antivirus XP 2008 from antivirusxp-08.com.
Tries to convince users they need to download and run "install.exe", which of course is a trojan. (VirusTotal Output)
Reported malicious domains:
fbcel.org
www.jewelryboxes.net
sakapfet.net
tvmonitoringservice.com
cheahahs.com (msn_video.html)
Bots/Malware:
http://www [dot] 1rc-chat [dot] net/a.exe
http://members [dot] lycos [dot] co [dot] uk/dbrowny/server.exe
Labels: Mailbag, malware research, trickery, virustotal
