Sponsored by..

Showing posts with label Fiji. Show all posts
Showing posts with label Fiji. Show all posts

Wednesday 24 October 2012

BBB Spam / samplersmagnifyingglass.net

This fake BBB spam leads to malware on samplersmagnifyingglass.net:

Date:      Wed, 24 Oct 2012 22:10:18 +0430
From:      "Better Business Bureau" [noreply@bbb.org]
Subject:      Better Business Beareau Appeal #42790699

Attention: Owner/Manager

Here with the Better Business Bureau notifies you that we have been sent a claim (ID 42790699) from one of your consumers about their dealership with you.

Please view the CLAIMS REPORT down to view more information on this problem and suggest us about your point of view as soon as possible.

On a website above please enter your complain id: 42790699 to review it.

We are looking forward to hearing from you.
-----------------------------------

Faithfully,

Rebecca Wilcox

Dispute advisor
Better Business Bureau
The malicious payload is on [donotclick]samplersmagnifyingglass.net/detects/confirming_absence_listing.php hosted on 183.81.133.121, a familiar IP address belonging to Vodafone in Fiji that has been used several times before and is well worth blocking.

Some other domains also associated with this IP are:
the-mesgate.net
hotsecrete.net
agmnxsmn.com
art-london.net
asmsxcm.com
buzziskin.net
ifmncmn.com
stafffire.net
sxmnmn.com
tizarrefetishkin.com

Tuesday 16 October 2012

Wire Transfer spam / hotsecrete.net

This fake wire transfer spam leads to malware on hotsecrete.net:

From: Federal Information System [mailto:highjackingucaf10@atainvest.com]
Sent: 16 October 2012 15:59
Subject: Wire Transfer accepted

We have successfully done the following transfer:
________________________________________
Item #: 35043728
Amount: $16,861.99
To: Anthony Glover
Fee: 29.00
Send on Date: 10/16/2012
Service: Domestic Wire
________________________________________

If there is a problem with processing your request we would report to you both by email and on the Manage Accounts tab. You can always check your transfer status via this link Sincerely,
Federal Reserve Bank Automate Notify System
________________________________________


*********************************************


Email Preferences
This is a service warning from Federal Reserve Bank. Please note that you may receive notification note in accordance with your service agreements, whether or not you elect to receive promotional email.
=============================================
Federal Reserve Bank Email, 8th Floor, 170 Seashore Tryon, Ave., Charlotte, TX 89936-0001
Federal Reserve Bank.


The malicious payload is found at [donotclick]hotsecrete.net/detects/exclude-offices_details_warm.php hosted on 183.81.133.121 (Vodafone, Fiji) which is a well-known malicious IP address that you should block.

Monday 15 October 2012

Intuit spam / navisiteseparation.net

This fake Intuit spam leads to malware on navisiteseparation.net:


Date:      Mon, 15 Oct 2012 15:20:13 -0300
From:      "Intuit GoPayment" [crouppywo4@deltamar.net]
Subject:      Welcome - you're accepted for Intuit GoPayment

       
.
Congratulations!
GoPayment Merchant by Intuit request for ONTIMEE ADMINISTRATION, Inc. has been ratified.
GoPayment
Account Number:     XXXXXXXXXXXXXX55
Email Address:     [redacted]
   
PLEASE NOTE :
    Associated charges for this service may be applied now.
Next step: View or confirm your Access ID



This is {LET:User ID lets you:
Review your payment service in the Merchant Center
Review charges
Log In to other Intuit products you may use, like TurboTax, Quicken, and Intuit Payroll


The good news is we found an existing Intuit account for your email address, You can use this ID for your payment service also, or enter a new one.



Verify Access ID
Get started:



Step 1: If you have not still, download the Intuit software.



Step 2: Launch the Intuit application and sign in with the Access ID (your email address) and Password you setup.



Easy Manage Your Intuit GoPayment Account

The GoPayment Merchant Service by Intuit Center is the web site where you can learn more about GoPayment features, customize your sales receipt and add GoPayment users. You can also view transactions, deposits and fees. Visit url and sign in with your GoPayment AccesID (your email address) and Password.
For more information on how to start using GoPayment Merchant by Intuit, including tutorials, FAQs and other resources, visit the Merchant Service Center at service link.
Please don't reply to this message. auto informer system unable to accept incoming messages.
System Terms & Agreements     � 2008-2012 Intuit, INC. All rights reserved.


Sample subjects:

  • Congrats - you're accepted for Intuit GoPayment Merchant 
  • Congratulations - you're approved for Intuit Merchant 
  • Congrats - you're approved for GoPayment Merchant 
  • Welcome - you're accepted for Intuit GoPayment 
The malicious payload is at  [donotclick]navisiteseparation.net/detects/processing-details_requested.php  hosted on 183.81.133.121 (Vodafone, Fiji). The good news is that the domain has been suspended by the registrar, but that IP address has been used many times recently and should be blocked if you can.


Thursday 11 October 2012

LinkedIn spam / inklingads.biz

The bad guys are very busy today with all sorts of spam campaigns, including lots of messages as below pointing to malware on

From: LinkedIn Notification [mailto:hewedngq6@omahahen.org]
Sent: 11 October 2012 15:59
Subject: LinkedIn Reminder
Importance: High

LinkedIn
REMINDERS
Invite events:
From Thaddeus Sosa ( Your servant)

PENDING EVENTS
There are a total of 3 messages awaiting your action. See your InBox immediately.
Don't wish to get email info letters? Adjust your notifications settings.
LinkedIn values your privacy. In no circumstances has LinkedIn made your notifications email acceptable to any third-party LinkedIn member without your permission. 2010, LinkedIn Corporation.
The malicious payload is on [donotclick]inklingads.biz/detects/invite-request_checking.php hosted on 183.81.133.121 (Vodafone, Fiji)

Wednesday 10 October 2012

NACHA spam / formexiting.net

This fake NACHA spam leads to malware on formexiting.net:

From: The Electronic Payments Association [mailto:underlining34@anbid.com.br]
Sent: 10 October 2012 15:59
Subject: Rejected ACH transaction
Importance: High


The ACH transaction (ID: 9536860209937), recently issued from your bank account (by one of your account members), was reversed by the recepient's financial institution.
Canceled request
Transaction ID:     9536860209937
Reason of rejection    Review details in the statement below
Transaction Report    report_9536860209937.doc (Microsoft Office Word Document)


17390 Seaside Valley Drive, Suite 101
Herndon, VA 20171
2011 NACHA - The Electronic Payments Association

The malicious payload is on [donotclick]formexiting.net/detects/review_reject_reason.php hosted on 183.81.133.121 (Vodafone, Fiji) which is a well-known malicious IP that you should consider blocking.

Tuesday 9 October 2012

"Biweekly payroll" spam / editdvsyourself.net

This fake payroll spam leads to malware on editdvsyourself.net:

From: Run Do Not Reply [mailto:jutland@bmacapital.com]
Sent: 09 October 2012 15:10
Subject: Your Biweekly payroll is accepted

Your Biweekly payroll for check date 10/09/2012 is ready to go. Your payroll will be issued at least Two days prior to your check date to ensure timely tax deposits and delivery. If you offer direct deposit to your employees, this would also support pay down their money right at the necessary date.

Client ID: XXXXXXX1
Other details: Click here to Review

Important: Please be advised that calls to and from your payroll service team may be monitored or recorded.

Please don't reply to this message. automative notification system not configured to accept incoming email. 
The malicious payload is on [donotclick]editdvsyourself.net/detects/beeweek_status-check.php, hosted on the familiar IP address of 183.81.133.121 (Vodafone, Fiji).

The following malicious domains are also associated with this IP:
acmrmn.com
addsmozy.net
art-london.net
buzziskin.net
canhmn.com
casbnm.com
editdvsyourself.net
officerscouldexecute.org
stafffire.net
strangernaturallanguage.net
simplerkwiks.net

Thursday 4 October 2012

Verizon Wireless spam / strangernaturallanguage.net

This fake Verizon wireless spam leads to malware on strangernaturallanguage.net:

From:     AccountNotify whitheringj@spcollege.edu
Date:     4 October 2012 18:52
Subject:     Recent Notification in My Verizon
   
SIGNIFICANT ACCOUNT NOTIFICATION FROM VERIZON WIRELESS.
Your informational letter is available.
Your account # ending: XXX8 XXXX4
Our Valued Client
For your accommodation, your confirmation message can be found in the Account Documentation desk of My Verizon.
Please check your acknowledgment letter for all the information relating to your new transaction.
View Approval Message
In addition, in My Verizon you will find links to info about your device & services that may be helpfull if you looking for answers.
Thank you for joining us .
   

     
My Verizon is also accessible 24 hours 7 days a week to assist you with:
Usage details
Updating your tariff
Add Account Users
Pay your invoice
And much, much more...
   

© 2012 Verizon Wireless
Verizon Wireless | One Verizon Way | Mail Code: 523WSE | Basking Ridge, MA 55584
We respect your privacy. Please review our privacy policy for more details

The malicious payload is at [donotclick]strangernaturallanguage.net/detects/notification-status_login.php hosted on 183.81.133.121 (Vodafone, Fiji).

The following domains are hosted on that IP and should be regarded as being suspect:
strangernaturallanguage.net
buzziskin.net
art-london.net
addsmozy.net