Sponsored by..

Wednesday 26 December 2012

NACHA spam / bunakaranka.ru:

This fake ACH / NACHA spam leads to malware on bunakaranka.ru:

Date:      Wed, 26 Dec 2012 06:48:11 +0100
From:      Tagged [Tagged@taggedmail.com]
Subject:      Re: Fwd: Banking security update.

Dear Online Account Operator,

Your ACH transactions have been
temporarily disabled.
View details

Best regards,
Security department
The malicious payload is on [donotclick]bunakaranka.ru:8080/forum/links/column.php hosted on the following well-known IPs:

91.224.135.20 (Proservis UAB, Lithuania)
187.85.160.106 (Ksys Soluções Web, Brazil)
210.71.250.131 (Chunghwa Telecom, Taiwan)


Plain list:
91.224.135.20
187.85.160.106
210.71.250.131

Associated domains:
bunakaranka.ru
afjdoospf.ru
angelaonfl.ru
akionokao.ru
apendiksator.ru
bilainkos.ru

No comments: