Yet another round of fake NACHA spam leading to malware is doing the rounds, this time the payload is on ragsnip.com/main.php?page=111d937ec38dd17e hosted on 207.210.96.226 (Global Net Access LLC, Atlanta). Blocking access to the IP is preferable to the domain as there may be other malicious domains on the same server.
An example spam email from this run (it seems no different to all the other ones):
Date: Fri, 16 Dec 2011 16:43:21 +0100
From: “[email protected]” [[email protected]]
Subject: Information on your pending transactionAttention: Accounting Department
This message contains a report about the ACH debit transfer sent on your behalf, that was detained by our bank:
Transaction #: 007457776956967
Status of the transaction: pendingIn order to resolve this matter, please review the transaction details using the link below as soon as possible.
Faithfully yours,
Kathy Quirk
Accounting Department
Leave a reply
