This fake Citibank spam leads to malware on platinumbristol.net:
From: citibankonline@serviceemail1.citibank.com via pado.com.br
Date: 12 December 2012 15:38
Subject: Account Alert
Mailed-by: pado.com.br
Citi
Email Security Zone EMAIL SECURITY AREA
ATM/Credit card ending in: XXX7
Alerting System
Bill Payment
Ultimate Savings Account (USA) XXXXXXXXX2
Amount Debited: $2,973.22
Date: 12/12/12
Log In to Overview Transaction
Bill Payment
Ultimate Savings Account (USA) XXXXXXXXX2
Amount Credited: $.97
Date: 12/12/12
Visit this link to Overview Detailed information
ABOUT THIS MESSAGE
Please DO NOT reply to this message. auomatic informational system unable to accept incoming messages.
Citibank, N.A. Member FDIC.
© 2012 Citigroup Inc. Citi with Arc Design and Citibank are registered service marks of Citigroup Inc.
========================
From: citibankonline@serviceemail5.citibank.com via clickz.com
Date: 12 December 2012 15:39
Subject: Account Notify
Mailed-by: clickz.com
Citi
Email Security Zone EMAIL SAFETY AREA
ATM/Debit card ending in: XXX7
Alerting System
Money Transfer Report
Savings Account XXXXXXXXX8
Amount Withdrawn: $3,620.11
Date: 12/12/12
Visit this link to Cancel Details
Money Transfer Report
Savings Account XXXXXXXXX8
Amount Withdrawn: $.38
Date: 12/12/12
Sign In to Overview Details
ABOUT THIS MESSAGE
Please Not try to reply to this message. automative notification system unable to accept incoming messages.
Citibank, N.A. Member FDIC.
© 2012 Citigroup Inc. Citi with Arc Design and Citibank are registered service marks of Citigroup Inc.
========================
Date: Wed, 12 Dec 2012 23:16:15 +0700
From: alets-no-reply@serviceemail6.citibank.com
Subject: Account Insufficient funds
EMAIL SAFETY ZONE
ATM/Debit card ending in: XXX0
Notifications System
Transaction Announcement
Ultimate Savings Account (USA) XXXXXXXXX4
Amount Debited: $4,222.19
Date: 12/12/12
Login to Abort Detailed information
Transaction Announcement
Ultimate Savings Account (USA) XXXXXXXXX4
Amount Credited: $.41
Date: 12/12/12
Go to web site by clicking here to See Operation
ABOUT THIS MESSAGE
Please Not try to reply to this message. automative notification system cannot accept incoming mail.
Citibank, N.A. Member FDIC.
© 2012 Citigroup Inc. Citi with Arc Design and Citibank are registered service marks of Citigroup Inc.
========================
Date: Wed, 12 Dec 2012 20:07:46 +0400
From: citibankonline@serviceemail8.citibank.com
Subject: Account Operation Alert
EMAIL SECURITY ZONE
Credit card ending in: XXX0
Notifications System
Bill Payment
Ultimate Savings Account (USA) XXXXXXXXX3
Amount Credited: $5,970.51
Date: 12/12/12
Click Here to Review Transaction
Bill Payment
Ultimate Savings Account (USA) XXXXXXXXX3
Amount Withdrawn: $.11
Date: 12/12/12
Sign In to View Operation
ABOUT THIS MESSAGE
Please don’t reply to this message. auomatic informational system cannot accept incoming mail.
Citibank, N.A. Member FDIC.
© 2012 Citigroup Inc. Citi with Arc Design and Citibank are registered service marks of Citigroup Inc.
The malicious payload is at [donotclick]platinumbristol.net/detects/alert-service.php hosted on the same 59.57.247.185 IP address in China that has been used in several recent attacks. This is definitely an IP to block if you can.
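To see whether any client has already reached this server, web proxy logs can be searched for the IP address and payload host named above. The following is an added example, not part of the original post; the five-field log format and every sample log line are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators quoted in the post above (the host appears defanged there).
BAD_IP = "59.57.247.185"
BAD_HOSTS = {"platinumbristol.net"}

def refang(text):
    """Undo the '[donotclick]', '[.]' and 'hxxp' defanging used in write-ups."""
    text = text.replace("[donotclick]", "").replace("[.]", ".")
    return re.sub(r"^hxxp", "http", text, flags=re.I)

def url_host(url):
    """Lower-cased hostname of a possibly defanged, possibly scheme-less URL."""
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_bad_host(host):
    """Exact or subdomain match, so 'notplatinumbristol.net' does not hit."""
    return any(host == h or host.endswith("." + h) for h in BAD_HOSTS)

def find_hits(log_lines):
    """Assumed (constructed) format: 'time client_ip dest_ip method url'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guessing at fields
        ts, client, dest_ip, _method, url = parts
        host = url_host(url)
        # Match on the IP as well: other hostnames resolve to the same server.
        if dest_ip == BAD_IP or is_bad_host(host):
            hits.append((ts, client, host))
    return hits

# Constructed sample log; client and unrelated addresses are documentation ranges.
SAMPLE_LOG = [
    "2012-12-12T15:41:02Z 192.0.2.10 59.57.247.185 GET http://platinumbristol.net/detects/alert-service.php",
    "2012-12-12T15:41:09Z 192.0.2.11 198.51.100.7 GET http://www.example.com/index.html",
    "2012-12-12T15:42:30Z 192.0.2.12 59.57.247.185 GET http://other-site.example/landing.php",
    "2012-12-12T15:43:00Z 192.0.2.13 198.51.100.9 GET http://notplatinumbristol.net/",
    "2012-12-12T15:44:00Z 192.0.2.14 203.0.113.5 GET http://WWW.PlatinumBristol.net:80/x",
]

if __name__ == "__main__":
    for ts, client, host in find_hits(SAMPLE_LOG):
        print(ts, client, "->", host)
```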
I can see the following evil domains on that same server: