The Latest in IT Security

NACHA Spam/ ragsnip.com

17
Dec
2011

Yet another round of fake NACHA spam leading to malware is doing the rounds, this time the payload is on ragsnip.com/main.php?page=111d937ec38dd17e hosted on 207.210.96.226 (Global Net Access LLC, Atlanta). Blocking access to the IP is preferable to the domain as there may be other malicious domains on the same server.

An example spam email from this run (it seems no different to all the other ones):

Date:      Fri, 16 Dec 2011 16:43:21 +0100
From:      “[email protected]” [[email protected]]
Subject:      Information on your pending transaction

Attention: Accounting Department

This message contains a report about the ACH debit transfer sent on your behalf, that was detained by our bank:
Transaction #:    007457776956967
Status of the transaction:    pending

In order to resolve this matter, please review the transaction details using the link below as soon as possible.

Faithfully yours,
Kathy Quirk
Accounting Department

Leave a reply


Categories

MONDAY, AUGUST 19, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks