This convincing-looking TD Ameritrade spam leads to malware at ghanarpower.net:
________________________________________
Your account ending in XXX7 Log on________________________________________
Your statement is now available online
Dear Valued Client,
Your statement for your TD Ameritrade account ending in XXX7 is now available online.
Access your statements
To view your statement (along with previous statements), please Log On to your account and choose “History & Statements” (under Accounts). Then click the “Statements” tab, select the appropriate month(s) under the “View statements” drop-down menu, then click the “View” button.We’re here to help
If you have any questions, please log on to your account and click “Message Center” (under Home) to write us. A representative will respond through your Message Center inbox. You can also call Client Services at 800-669-3900. We’re available 24 hours a day, seven days a week.Sincerely,
Tom Bradley
President, Retail Distribution
TD Ameritrade
The malware can be found on [donotclick]ghanarpower.net/main.php?page=8c6c59becaa0da07 (report here) hosted on (188.165.1.192, OVH Ireland).
The following IPs and domains are connected to this attack and should also be blocked:
ecocabmedia.net
ghanarpower.net
lessthansmoothmasculine.com
68.171.101.22
92.201.139.15
188.165.1.192
109.164.221.176
211.157.105.160
Leave a reply
