The Latest in IT Security

Malformed “nacha5_sbj}” spam leads to malware

10
Feb
2012

Some stupid spammer has screwed up their campaign:

Date:      Fri, 9 Feb 2012 20:07:15 +0430
From:      [email protected]
Subject:      nacha5_sbj}
Attachments:     nacha.jpg

The following information concerns the ACH transfer that was originally effectuated by you or any other person on 02-02-2012.

Transaction ID:
    89024101013314
Transaction status:    declined
Supplementary information:    Please read the detailed report

Faithfully,
Violette Coirs.

2012 NACHA – The Electronic Payments Association

This is a system generated email. Please do not respond.

The malicious payload is synergyledlighting.net/main.php?page=4e4959105994cf84  hosted on 131.94.130.132 (Florida International University, US) and 173.236.78.113 (Singlehop, US). That same domain was found in this spam, although one of the IPs has changed since then.

The Florida International University IP address gives a clue as to what is going on here – these servers are most likely hacked rather than rented. This also explains why some IPs have seemingly legitimate sites on them. Still, blocking access to these IPs is the safest thing to do.

Related posts:
  1. NACHA Spam / matoreria.com
  2. NACHA Spam / sulusate.com
  3. NACHA Spam/ ragsnip.com
  4. NACHA Spam / chillechart.com and chillepay.com
  5. NACHA Spam / sulusify.com

Tags:  
Written by Dynamoo's Blog
0 Comments

Leave a reply


Categories

WEDNESDAY, APRIL 24, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments