The Latest in IT Security

Discover card spam / netgear-india.net

01
Nov
2012


This fake Discover Card spam leads to malware on netgear-india.net:

From: Discover Account Notes [mailto:[email protected]]
Sent: Thu 01/11/2012 15:32
Subject: Great Details Changes in your Discover card Account Terms

Account Services  |   Customer Care Services           
Account ending in XXX1          
  
An substantial communication regarding latest Declined Transfers is waiting for you.   
     
Log In to Read Information  
    
Honored Discover Client,
 
There is an serious message waiting for you from Discover® card. Please read the message mindfully and keep it with your file.

To ensure optimal privacy, please log in to view your message at Discover.com.
 

Please click on this link if you have forgotten your UserID or Password.
 

Add [email protected] to your address book to ensure delivery of these notifications.

VITAL NOTE

This message was delivered to [redacted] for Discover debit card account number ending with XXX1.

You are receiving this e-mail because you have account at Discover.com.

Log in to change your e-mail address or overview your account e-mail options.

If you have any questions about your account, please Login to leave us a message securely and we would be glad to support you.

Please DO NOT reply to this message. auto informer system cannot accept incoming email.

DISCOVER and other trademarks, logos and service marks used in this e-mail are the trademarks of Discover Financial Services or their respective third-party owners.

Discover Banking Ltd.
P.O. Box 84265
Salt Lake City, SC 76433
2012 Discover Bank, Member FDIC
[redacted]

========

From: Discover Account Notes [mailto:[email protected]]
Sent: Thu 01/11/2012 16:36
Subject: Substantial Information about your Discover Account

Account Center   |   Customer Center         
               Account ending in XXX9        

 
An significant message regarding latest Approved Activity is waiting for you.
   
Log In to Overview Details  
    
Respective Cardholder,
  
There is an important message waiting for you from Discover® card. Please read the message carefully and keep it with your archive.

To ensure optimal privacy, please sign in to read your data at Discover.com.

Please visit discover.com if you have forgotten your Login ID or Password.

Add [email protected] to your trusted emails to ensure delivery of these messages.

VITAL NOTIFICATION

This e-mail was sent to [redacted] for Discover card account No. ending with XXX9.

You are receiving this e-mail because you member of Discover.com.

Log in to change your e-mail address or view your account e-mail settings.

If you have any questions about your account, please Enter your account to leave us a message securely and we would be blissful to help you.

Please don’t reply to this message. auto-notification system cannot accept incoming mail.

DISCOVER and other trademarks, logos and service marks used in this e-mail are the trademarks of Discover Financial Services or their respective third-party owners.

Discover Banking Llc.
P.O. Box 85486
Seashore City, NV 91138
2012 Discover Bank, Member FDIC
[redacted]

The malicious payload is at [donotclick]netgear-india.net/detects/discover-important_message.php hosted on 183.180.134.217 (RAT CO, Japan). The following domains are on that same IP, and judging by the registration details they should also be considered as malicious:
itracrions.pl
radiovaweonearch.com
steamedboasting.info
solla.at
netgear-india.net
puzzledbased.net
stempare.net
questionscharges.net
bootingbluray.net

Leave a reply


Categories

SATURDAY, SEPTEMBER 23, 2017

Featured

Archives

Latest Comments

Social Networks