More NACHA spam leading to a malicious payload:
Date: 31 January 2012 22:55
Subject: ACH transaction fault
The ACH transaction ID: 415864020375, that had been effectuated from your banking account lately, was rejected by the the bank of the recipient.
ACH transfer declined
Transaction ID: 415864020375
Details: please see the report below for details
Transaction Report report_415864020375.doc (Microsoft Word Document)
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171
2011 NACHA – The Electronic Payments Association
This leads to a malicious payload at sulusate.com/search.php?page=977334ca118fcb8c, hosted on 209.59.220.98 (Endurance International Group, US). A Wepawet report for the malicious page is here.
Blocking the IP will prevent other malicious sites on the same server from doing their stuff. Endurance International has hosted several such malicious sites recently.
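The following is an added example, not part of the original post: a small hunt over proxy logs that compares matching on the domain with matching on the server IP, which is the reason given above for blocking the IP. The log format and the sample lines are constructed assumptions; only the IP and the domain come from the post.

```python
import ipaddress
import shlex

BAD_IP = ipaddress.ip_address("209.59.220.98")  # server IP named in the post
BAD_HOST = "sulusate.com"                        # domain named in the post

# Constructed sample. Assumed format: time client host dest_ip "request" status
SAMPLE_LOG = """\
2012-01-31T23:01:12Z 10.0.4.17 sulusate.com 209.59.220.98 "GET /search.php?page=977334ca118fcb8c" 200
2012-01-31T23:04:40Z 10.0.4.22 other-site.example 209.59.220.98 "GET /index.php" 200
2012-01-31T23:05:02Z 10.0.7.9 www.example.org 192.0.2.10 "GET /index.html" 200
not a log line
"""

def parse_line(line):
    """Return (client, host, dest_ip) or None when the line is malformed."""
    try:
        _ts, client, host, dest, _request, status = shlex.split(line)
        int(status)  # reject lines whose status field is not numeric
        return client, host.lower().rstrip("."), ipaddress.ip_address(dest)
    except ValueError:
        return None

def hunt(log_text):
    """Collect clients seen by a domain match and by a destination-IP match."""
    by_host, by_ip = set(), set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, host, dest = rec
        if host == BAD_HOST or host.endswith("." + BAD_HOST):
            by_host.add((client, host))
        if dest == BAD_IP:
            by_ip.add((client, host))
    return {
        "clients_by_host": sorted({c for c, _ in by_host}),
        "clients_by_ip": sorted({c for c, _ in by_ip}),
        # Other hostnames on the same server: candidates for further review.
        "hosts_on_ip": sorted({h for _, h in by_ip}),
    }

if __name__ == "__main__":
    for key, value in hunt(SAMPLE_LOG).items():
        print(key, value)
```

Any client that appears only in `clients_by_ip` reached a different hostname on the same server, which a domain-only blocklist would not have stopped.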