
Monday, 2 July 2012

TD Ameritrade Spam / ghanarpower.net

This convincing-looking TD Ameritrade spam leads to malware at ghanarpower.net:

Your account ending in XXX7     Log on


Your statement is now available online

Dear Valued Client,

Your statement for your TD Ameritrade account ending in XXX7 is now available online.

Access your statements
To view your statement (along with previous statements), please Log On to your account and choose "History & Statements" (under Accounts). Then click the "Statements" tab, select the appropriate month(s) under the "View statements" drop-down menu, then click the "View" button.

We're here to help
If you have any questions, please log on to your account and click "Message Center" (under Home) to write us. A representative will respond through your Message Center inbox. You can also call Client Services at 800-669-3900. We're available 24 hours a day, seven days a week.


Tom Bradley
President, Retail Distribution
TD Ameritrade

The malware can be found on [donotclick]ghanarpower.net/main.php?page=8c6c59becaa0da07 (report here) hosted on (, OVH Ireland).

The following IPs and domains are connected to this attack and should also be blocked:
