Date: Fri, 16 Dec 2011 04:12:15 +0400
From: "Freeman Ballard" [Freeman.Ballard@campioni.info]
Subject: URGENT! Security system updates
In order to prevent new cases of wire fraud, we have introduced a new security system. In this connection all the account transactions of our customers have been suspended unless the special security requirements are met.. In order to rehabilitate your account, you need to
Install a special security software. Please use the link below to read the instructions for the installation of the latest security version.
We apologize for the inconveniences caused to you by this measure.
Please do not hesitate to contact us if you have any questions.
FDIC Call Center 1-877-275-3342 (1-877-ASKFDIC)
or Email Address: firstname.lastname@example.org
8:00 am - 8:00 pm ET; Monday-Friday
9:00 am - 5:00 pm ET; Saturday-Sunday
For the Hearing Impaired Toll Free 1-800-925-4618 / Local (VA) 703-562-2289
The link goes through a legitimate hacked site and tries to direct the user to a malicious page at sownload.zapto.org/main.php?page=db3408bf080473cf hosted on 18.104.22.168 (InfraVPS Network Solutions, Philippines). Blocking the IP address is preferable because there may more other malicious domains on that server.