This fake spam leads to malware at princess-sales.net:
Date: Tue, 3 Jul 2012 21:38:09 +0530
From: “Micah Bright” [[email protected]]
Subject: sbjTD Ameritrade
Your account ending in XXX7 Log on
Your statement is now available onlineDear Valued Client,
Your statement for your TD Ameritrade account ending in XXX7 is now available online.
Access your statements
To view your statement (along with previous statements), please Log On to your account and choose “History & Statements” (under Accounts). Then click the “Statements” tab, select the appropriate month(s) under the “View statements” drop-down menu, then click the “View” button.We’re here to help
If you have any questions, please log on to your account and click “Message Center” (under Home) to write us. A representative will respond through your Message Center inbox. You can also call Client Services at 800-669-3900. We’re available 24 hours a day, seven days a week.Sincerely,
Tom Bradley
President, Retail Distribution
TD Ameritrade
The malicious payload is at [donotclick]princess-sales.net/main.php?page=7e45713861176c6b (report here) hosted on 203.237.211.223 in Korea.
Leave a reply
