
Tuesday, 10 September 2013

ACH file ID "999.107" has been processed successfully spam / www.fiscdp.com.airfare-ticketscheap.com

This fake FISC ACH spam leads to malware on www.fiscdp.com.airfare-ticketscheap.com:

Date:      Tue, 10 Sep 2013 17:05:49 +0530 [07:35:49 EDT]
From:      Financial Institution Service [improvehv89@m.fiscdp.gov]
Subject:      ACH file ID "999.107"  has been processed successfully

Files FISC Processing Service

SUCCESS Notification
We have successfully handled ACH file 'ACH2013-09-09-62.txt' (id '999.107') submitted by user '[redacted]' on '2013-09-09 12:06:67.7'.
FILE SUMMARY:
Item count: 9
Total debits: $13,365.83
Total credits: $13,365.83

To find out more information   browse this link

The link in the email goes to a legitimate but hacked site and then on to a malware landing page at [donotclick]www.fiscdp.com.airfare-ticketscheap.com/news/opens_heads_earlier.php (reports here and here) hosted on:
66.230.163.86 (Goykhman And Sons LLC, US)
95.87.1.19 (Trakia Kabel OOD, Bulgaria)
174.142.186.89 (iWeb Technologies)

The WHOIS details for airfare-ticketscheap.com are fake and the domain was registered just yesterday:
      LORIANN PERKINS
      8125 MANITOBA ST.
      PALYA DEL MAR, CA 90293
      US
      Phone: +1.7607224337
      Email: mybigben56@yahoo.com


The IPs in use indicate that this campaign forms part of the Amerika spam run. Several other malicious sites are on the same server, and I would recommend that you block the following in conjunction with this list:
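The landing hostname in this campaign puts a familiar-looking domain (fiscdp.com) in front of the domain that was actually registered (airfare-ticketscheap.com). As an added example, not part of the original post, this Python check flags that pattern in URLs pulled from mail or proxy logs; the watch-list, every sample entry other than the landing page, and the two-label registered-domain rule are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: watch-list of domain names that lures imitate (constructed here).
WATCHED = {"fiscdp.com", "irs.gov", "paypal.com"}


def labels_of(url_or_host):
    """Return the lower-cased DNS labels of a URL or bare hostname."""
    target = url_or_host if "//" in url_or_host else "//" + url_or_host
    host = urlsplit(target).hostname or ""
    return host.rstrip(".").split(".")


def embedded_brand(url_or_host):
    """Return the watched domain used as a subdomain prefix, or None."""
    labels = labels_of(url_or_host)
    # Assumption: the registered domain is the last two labels. Production
    # code should consult the Public Suffix List (names under co.uk etc.).
    registered = ".".join(labels[-2:])
    if registered in WATCHED:
        return None  # host really is under the watched domain
    prefix = labels[:-2]
    for i in range(len(prefix) - 1):
        candidate = ".".join(prefix[i:i + 2])
        if candidate in WATCHED:
            return candidate
    return None


def scan(urls):
    """Map each flagged URL to the watched domain it imitates."""
    return {u: b for u in urls if (b := embedded_brand(u))}


# Constructed sample: the first entry is the landing page from this post,
# the others are invented and use reserved example domains.
SAMPLE = [
    "www.fiscdp.com.airfare-ticketscheap.com/news/opens_heads_earlier.php",
    "https://www.irs.gov.refund.example.net/login",
    "https://www.paypal.com/signin",
    "paypal.com.us.cmd.example.org",
    "mail.example.org",
]

if __name__ == "__main__":
    for url, brand in scan(SAMPLE).items():
        print(f"{brand:12} imitated by {url}")
```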

