The Latest in IT Security

NACHA Spam / badthen.com

14
Dec
2011

More NACHA spam, this time leading to a malicious payload on badthen.com. Stupidly (again) the NACHA email appears to come from linkedin.com.

Date:      Wed, 14 Dec 2011 05:36:48 +0900
From:      “LinkedIn” [[email protected]]
Subject:      ACH transfer suspended

The ACH transaction (ID: 137297301664), recently initiated from your bank account (by you or any other person), was rejected by the Electronic Payments Association.
Rejected transfer
Transaction ID:     137297301664
Rejection Reason     See details in the report below
Transaction Report     report_137297301664.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703) 561-1100

© 2011 NACHA – The Electronic Payments Association

The malware is on badthen.com/main.php?page=977334ca118fcb8c  hosted on 173.230.130.158 (Linode, US). Blocking the IP address will block any other malware domains on the same server.

Leave a reply


Categories

SATURDAY, AUGUST 17, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks