Friday 5 July 2013

EBC "Password Reset Confirmation" spam / paynotice07.net

This fake password reset spam leads to malware on paynotice07.net:

From: EBC_EBC1961Registration@ebank6.secureaps.com
Sent: 05 July 2013 12:27
Subject: Password Reset Confirmation


Your Online Bankking password was successfully changed on 07/05/2013. If you did not make this change, or if you have any questions, please contact EBC Technical Support using this link.

Support is available Monday - Friday, 8 AM to 8 PM CST.

This is an automated message, please do not reply. Your message will not be received.
************************************************************
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
************************************************************ 
The link goes through a legitimate but hacked site and ends up on a payload at [donotclick]paynotice07.net/news/must-producing.php (report here), hosted on the following IPs:

189.84.25.188 (DataCorpore Serviços e Representações, Brazil)
202.28.69.195 (Walailuk University, Thailand)

Blocklist: