Date: Tue, 9 Jul 2013 15:36:42 -0500
Subject: Payment File Successfully Processed
*** PLEASE DO NOT REPLY TO THIS MESSAGE***
Dear Batch Provider,
This message is being sent to inform you that your payment file has successfully processed. 2013-07-09-12.08.00.815358
Detailed information is available by logging into the Batch Provider software by clicking this link and performing a Sync request.
Contact Us: EFTPS Batch Provider Customer Service
at this link
A sender's email address of firstname.lastname@example.org is seen in another sample. The link goes through a legitimate hacked site and ends up on a malware-laden page at [donotclick]autorize.net.models-and-kits.net/news/shortest-caused-race.php (report here) hosted on:
18.104.22.168 (Acens Technologies, Spain)
22.214.171.124 (TPL Trakker Ltd, Pakistan)
126.96.36.199 (Novell Inc, US)
188.8.131.52 (UniNet, Thailand)
All these IPs and more can be found in this recommended blocklist. Out of these four IPs we can see the following malicious domains, which should also be blocked if you can't block the IPs themselves.
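Blocking by domain only works if the match covers subdomains, since the landing host in this sample sits several labels deep. The following is an added example, not part of the original post: it assumes the parent domain models-and-kits.net is the blocklist entry, and the function names and log lines are constructed for illustration.

```python
from urllib.parse import urlsplit

# Blocklist entry derived from the URL in the post (assumed to be listed at
# the parent-domain level). Function names here are hypothetical.
BLOCKED_DOMAINS = {"models-and-kits.net"}


def refang(indicator: str) -> str:
    """Turn the post's defanged notation back into a parseable URL."""
    url = indicator.replace("[donotclick]", "").replace("[.]", ".")
    return url if "://" in url else "http://" + url


def host_of(url: str) -> str:
    """Lower-cased hostname without port, path or trailing root dot."""
    host = urlsplit(refang(url)).hostname or ""
    return host.rstrip(".").lower()


def is_blocked(url: str, blocked=BLOCKED_DOMAINS) -> bool:
    """True if the host or any parent domain is listed.

    Comparison is done on whole DNS labels, so a listed domain covers its
    subdomains without matching look-alike names that merely contain it.
    """
    labels = host_of(url).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


SAMPLE_LOG = [  # constructed proxy-log URLs
    "[donotclick]autorize.net.models-and-kits.net/news/shortest-caused-race.php",
    "http://MODELS-AND-KITS.NET./index.html",   # case and root-dot variant
    "https://authorize.net/",                   # the genuine brand domain
    "http://notmodels-and-kits.net/",           # substring only, not a subdomain
    "http://models-and-kits.net.example.org/",  # listed name used as a prefix
]


def blocked_hits(lines=SAMPLE_LOG):
    """Return the URLs from the log that the blocklist should stop."""
    return [u for u in lines if is_blocked(u)]


if __name__ == "__main__":
    for u in blocked_hits():
        print("BLOCK", host_of(u))
```

A plain substring test on the log line would also flag the last two constructed entries, which is why the comparison walks the labels instead.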
Update: a different spam is also circulating with the same payload:
Date: Tue, 9 Jul 2013 06:56:26 -0800
From: "Authorize . Net" [email@example.com]
Subject: Successful Credit Card Settlement Report.
Your Authorize.Net ID is: 1263577
The following is your Credit Card settlement report for Sunday, July 09, 2013.
Transaction Volume Statistics for Settlement Batch dated 9-Jul-2013 11:0:55 PDT:
Batch ID: 668271114
Business Day: 09-Jul-2013
Net Batch Total: 9,917.74 (USD)
Number of Charge Transactions: 99
Amount of Charge Transactions: 9,917.74
Number of Refund Transactions: 7
Amount of Refund Transactions: 105.64
Warning! Your Batch limits for July exceeded!
To view details, please click here to log into the Merchant Interface.
If you have any questions regarding this settlement report, please contact your bank or you can contact Customer Support at this link.
*** You received this email because you chose to be a Credit Card Report recipient. You may change your email options by logging into the Merchant Interface. Click on Settings and Profile in the Main Menu, and select Manage Contacts from the General section. To edit a contact, click the Edit link next to the contact that you would like to edit. Under Email Types, select or deselect the Email types you would like to receive. Click Submit to save any changes. Please do not reply to this email.