From: ".Афанасьев@fdic.gov" [mailto:firstname.lastname@example.org]In this case the malicious payload is at [donotclick]123435jynfbdf.myWWW.biz./closest/984y3fh8u3hfu3jcihei.php and is hosted on 220.127.116.11 (CoolVDS / Kutcevol Maksum Mukolaevichm, US). At the moment the following domains seem to be active:
Sent: 30 January 2013 15:03
Subject: Changing security requirements
In connection with the introduction of a new security system for the purpose of preventing new cases of wire fraud, all your account ACH and WIRE transactions will be temporarily blocked unless the special security requirements are met.. In order to fully re-establish your account, you are asked to install a special security software. Please open the link below to download and install the latest security version.
We apologize for the inconveniences caused to you by this measure.
Please do not hesitate to contact us if you have any questions.
Federal Deposit Insurance Corporation