
Friday, 21 June 2013

"Unusual Visa card activity" spam / anygus.com

It's not usually like these guys to mess up so badly, but this FAIL of a Visa spam leads to malware on anygus.com. Note the bits in {braces} that should have content:

From:     Visa Anti-Fraud [upbringingve@visabusiness.com]
Date:     21 June 2013 17:36
Subject:     Unusual Visa card activity

we {l1} detected {l2} activity in your business visa account.

please click here to view {l4}
your case id is: {symbol}{dig}

look for unexpected charges or questionable activity, and if you see anything suspicious,don't wait to act.

this added security is to prevent any additional fraudulent charges from taking place on your account.


notice: this visa communication is furnished to you solely in your capacity as a customer of visa inc. (or its authorized agent) or a participant in the visa payments system. by accepting this visa communication, you acknowledge that the information contained herein (the "information") is confidential and subject to the confidentiality restrictions contained in visa's operating regulations, which limit your use of the information. you agree to keep the information confidential and not to use the information for any purpose other than in your capacity as a customer of visa inc. or a participant in the visa payments system. the information may only be disseminated within your organization on a need-to-know basis to enable your participation in the visa payments system.

please be advised that the information may constitute material nonpublic information under u.s. federal securities laws and that purchasing or selling securities of visa inc. while being aware of material nonpublic information would constitute a violation of applicable u.s. federal securities laws. this information may change from time to time. please contact your visa representative to verify current information. visa is not responsible for errors in this publication. the visa non-disclosure agreement can be obtained from your visa account manager or the nearest visa office.

this message was sent to you by visa, p.o. box 8999, san francisco, ca 94128. please click here to unsubscribe.

Despite the errors in the email, it still ends up going through a hacked legitimate site to a Blackhole Exploit Kit at [donotclick]anygus.com/news/fewer_tedious_mentioning.php (report here), hosted on the following IPs:
193.254.231.51 (Universitatea Transilvania Brasov, Romania)
202.147.169.211 (LINKdotNET Telecom, Pakistan)
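
The unfilled {braces} in the message above are a usable filtering signal in their own right. As an added example (not part of the original post), this Python sketch flags mail whose body still carries unrendered template tokens; the token pattern, the threshold and the sample message built from the quoted text are assumptions.

```python
import re
from email import message_from_string

# Assumption: a leftover template token is a short lowercase identifier in
# braces ({l1}, {symbol}, {dig}). Brace content with spaces or punctuation,
# such as CSS rules in an HTML part, is deliberately not matched.
TOKEN = re.compile(r"\{([a-z][a-z0-9_]{0,15})\}")

# Constructed sample built from the message quoted in the post.
SAMPLE = """\
From: Visa Anti-Fraud <upbringingve@visabusiness.com>
Subject: Unusual Visa card activity
Content-Type: text/plain; charset="utf-8"

we {l1} detected {l2} activity in your business visa account.

please click here to view {l4}
your case id is: {symbol}{dig}
"""

def text_parts(raw):
    """Yield the decoded text of every text/* part of a raw message."""
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() != "text":
            continue  # skips multipart containers and attachments
        data = part.get_payload(decode=True) or b""
        try:
            yield data.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label in the header
            yield data.decode("latin-1")

def unrendered_tokens(raw):
    """Return the sorted, de-duplicated token names left in the body."""
    found = set()
    for body in text_parts(raw):
        found.update(TOKEN.findall(body))
    return sorted(found)

def is_suspect(raw, threshold=2):
    """Flag a message that carries at least `threshold` distinct tokens."""
    return len(unrendered_tokens(raw)) >= threshold

if __name__ == "__main__":
    print(unrendered_tokens(SAMPLE), is_suspect(SAMPLE))
```

A single token can turn up in legitimate mail from a broken mail merge, so the default threshold of two distinct tokens keeps this as one scoring input rather than a verdict.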

Recommended blocklist:

