I received 4 spam e-mails earlier that housed 4 links pointing to zip files on 4 sites housed on rZone.de (Cronon) IP space - all of the files contain trojans - more on that later.
As I normally do, I tried dropping the address listed in the net-block info an e-mail (firstname.lastname@example.org and email@example.com), sadly it seems they don't want to receive abuse reports;
And yep, I tried sending via both my Malwarebytes address and my normal it-mate.co.uk address.
Until they stop rejecting abuse reports, I'd strongly recommend you put a block on their IP range.
The offending URLs, for those wondering;
hxxp://praxisreuss.de/info/Profiel.zip - 18.104.22.168
hxxp://www.karate-shanghai.de/download/Profiel.zip - 22.214.171.124
hxxp://www.edv-xp.de/info/Profiel.zip - 126.96.36.199
hxxp://www.foodoffice.de/download/Profiel.zip - 188.8.131.52
Domains the malware contacts;
duffiduffid.ru -> /stat/stat3.php
dzmeritelshop.ru -> /dbs/0088.exe
dzmeritelshop.ru -> /dbs/images.php
dzmeritelshop.ru -> /dbs/logo84.php
Both of these are housed at;
luigimonaco.org -> /_private/loadera5.exe
AS: 12363 184.108.40.206/22 DADA-AS DADA S.p.a.
Registrars and hosts/ISPs have been notified.