From: The Electronic Payments Association email@example.com
Reply-To: The Electronic Payments Association
Date: 13 February 2012 10:06
Subject: ACH transfer error
Dear Chief Accounting Officer,
We are sorry to inform you, that Direct Deposit payment (ID801400587332) has not been credited to the receiver account, because of partially missing banking details.
Direct Deposit procedure incomplete
Transaction ID : 801400587332
Details: Please use the transfer correction request below provide the correct banking information.
Transfer Status report-801400587332.doc (Micro soft Word Document)
Membership Education ACH Network ACH Rules Risk & Compliance News & Resources NACHA eStore
13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703) 561-1100
2012 NACHA - The Electronic Payments Association
The payload is a Blackhole exploit kit at beaverday.biz/search.php?page=977334ca118fcb8c (Wepawet report here) which is hosted on 126.96.36.199 (Central Host Inc / Zerigo.net), just a few IPs away from 188.8.131.52 as used in this spam run a few days ago. I have also seen malicious activity on 184.108.40.206 in the same /21. Perhaps Zerigo / Central Host have a problem? Block IPs as you feel is appropriate.