Sponsored by..

Monday, 25 February 2013

"TrustKeeper Vulnerabilities Scan Information" spam / saberdelvino.net

Well this is new.. this "TrustKeeper Vulnerabilities Scan Information" spam leads to an exploit kit on saberdelvino.net:

From: Trustwave [porosity@e.trustwave.com]
Date: 25 February 2013 17:09
Subject: TrustKeeper Vulnerabilities Scan Information

To view this email as a web page, go here.

view email in a web browser
[redacted]
 

This is an auto-generated report to notice you that the scheduled TrustKeeper vulnerability scan of YOUR NETWORK SYSTEMS has completed and is not compliant.

IMPORTANT: During the scan, TrustKeeper Identified  some Vulnerabilities. Trustwave strongly recommends you review these findings as your overall PCI DSS compliance status may be affected.

TrustKeeper generated a vulnerability scan report. You may view these results by accessing TrustKeeper at:

    https://secure.trustwave.com
    User Name:[redacted]

You will receive an e-mail confirmation when the scan completes and your results are available.   Please note that this can take up to three days.

Note: If you monitor your network for activity, note that the TrustKeeper scan may originate from IP addresses in these ranges:

206.10.209.0/24
62.36.233.0/24

TrustKeeper is a certified remote assessment and compliance solution created by Trustwave and designed to help merchants meet the PCI DSS and achieve compliance with the associated programs of Visa®, MasterCard®, American Express®, Discover®, and other credit card associations. The TrustKeeper solution is an integrated easy-to-use tool that removes the challenge of navigating the complex PCI DSS requirements and provides a "one stop shop" for merchants to certify compliance.    

PLEASE DON'T REPLY TO THIS MESSAGE VIA EMAIL.
This mail is sent by an automated message system and the reply will not be received. Thank you for using TrustKeeper.

This email was sent to: [redacted]

This email was sent by: Trustwave
80 West Madison Street, Suite 1080, Chicago, IL, 60707, USA

We respect your right to privacy - view our policy
   

MANAGE SUBSCRIPTIONS           |            UPDATE PROFILE              |          ONE-CLICK UNSUBSCRIBE


The malicious payload is at [donotclick]saberdelvino.net/detects/random-ship-members-daily.php (report here) hosted on the following IPs:

118.97.77.122 (PT Telekon, Indonesia)
176.120.38.238 (Langate, Ukraine)

Blocklist:
118.97.77.122
176.120.38.238
greatfallsma.com
yoga-thegame.net
dekolink.net
saberdelvino.net
betheroot.net


1 comment:

Mark Rich said...

I saw it here http://fakeletters.org/scam-emails/trustkeeper-network-scan-notification/ it says that the phishing url is nicosiaircDOTeu/components/com_pagerankchecker/scrdetd.html
Can the offending website get shut down?