The Latest in IT Security

NACHA Spam / hakkabout.com and kansamentos.com

02 Feb 2012

More NACHA spam with a malicious payload.

Date:      Thu, 1 Feb 2012 13:05:58 +0100
From:      [email protected]
Subject:      Rejected ACH payment

The ACH transfer (ID: 424339813641), recently sent from your bank account (by you or any other person), was canceled by the other financial institution.

Canceled transfer
Transaction ID:     424339813641
Reason for rejection     See details in the report below
Transaction Report     report_424339813641.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100

Herndon, VA 20171

2011 NACHA – The Electronic Payments Association

The link redirects through a couple of legitimate hacked sites and ends up on hakkabout.com/search.php?page=73a07bcb51f4be71 on 96.126.117.251 (Linode, US). According to Wepawet, a subsequent download is attempted from kansamentos.com/forum/index.php?showtopic=192151 on 66.151.138.179 (Nuclear Fallout Enterprises, US). Blocking those two IPs is probably a good idea, although it isn’t the first time that Linode or Nuclear Fallout Enterprises have hosted malware recently and it may not be the last.
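Besides blocking, it is worth checking whether anyone already followed the link. The sketch below is an added example, not part of the original post: it sweeps web proxy logs for the two domains and IPs named above and lists first the clients that reached the second-stage host. The log format, the client addresses and the function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the post: domain -> (hosting IP, stage in the chain).
INDICATORS = {
    "hakkabout.com": ("96.126.117.251", "landing"),
    "kansamentos.com": ("66.151.138.179", "payload"),
}
IP_STAGE = {ip: stage for ip, stage in INDICATORS.values()}

# Constructed sample log; assumed format: time client dest_ip method url.
SAMPLE_LOG = """\
2012-02-01T13:10:02 10.0.0.21 96.126.117.251 GET http://hakkabout.com/search.php?page=73a07bcb51f4be71
2012-02-01T13:10:05 10.0.0.21 66.151.138.179 GET http://kansamentos.com/forum/index.php?showtopic=192151
2012-02-01T13:12:40 10.0.0.35 96.126.117.251 GET http://WWW.Hakkabout.com/search.php?page=73a07bcb51f4be71
2012-02-01T13:15:11 10.0.0.48 66.151.138.179 GET http://66.151.138.179/forum/index.php
2012-02-01T13:16:00 10.0.0.50 203.0.113.9 GET http://nothakkabout.com/search.php
2012-02-01T13:17:30 10.0.0.51 203.0.113.10 GET http://hakkabout.com.example.org/
malformed line
"""

def stage_for(dest_ip, url):
    """Return 'landing', 'payload' or None for one request."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for domain, (_, stage) in INDICATORS.items():
        # Exact domain or a true subdomain only; lookalikes must not match.
        if host == domain or host.endswith("." + domain):
            return stage
    # Fall back to the destination IP (covers requests made by IP literal).
    return IP_STAGE.get(dest_ip) or IP_STAGE.get(host)

def hunt(log_text):
    """Map each client to the set of stages it reached."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        _, client, dest_ip, _, url = fields
        stage = stage_for(dest_ip, url)
        if stage:
            hits[client].add(stage)
    return dict(hits)

def triage(hits):
    """Clients that requested the second-stage host are reviewed first."""
    return sorted(c for c, stages in hits.items() if "payload" in stages)

if __name__ == "__main__":
    print(triage(hunt(SAMPLE_LOG)))
```

Matching on the destination IP as well as the hostname catches requests made by IP literal, but both addresses belong to hosting providers, so an IP-only hit should be confirmed against the URL before a machine is treated as affected.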
