
Tuesday, 22 November 2011

Spoof ACH mails, neoprenpillar.com and decalintos.com

Yet another ACH / NACHA / whatever scam email. They go something like this:
Date:      Tue, 22 Nov 2011 10:42:43 +0100
From:      "The Electronic Payments Association" [alerts@nacha.org]
Subject:      Rejected ACH transaction

The ACH transfer (ID: 925071618701), recently initiated from your checking account (by you or any other person), was canceled by the other financial institution.

Rejected transaction
Transaction ID:     925071618701
Reason for rejection     See details in the report below
Transaction Report     report_925071618701.doc (Microsoft Word Document)

About NACHA
The ACH Network had its start in the early 1970's when a group of California bankers formed the Special Committee on Paperless Entries (SCOPE) in direct response to the rapid escalation of check volume in the United States. The Committee set out to explore the technical, operational, and legal framework necessary for an automated payments system, leading to the formation of the first ACH association in 1972. Similar groups soon formed around the country.
NACHA occupies a unique role in the association world, serving as both an industry trade association and administrator of Automated Clearing House (ACH) Network. As the industry trade association that oversees the ACH Network, NACHA provides services in three key functional areas:

13450 Sunrise Valley Drive, Suite 100

Herndon, VA 20171

2011 NACHA - The Electronic Payments Association

payments knowledge to further their professional development and benefit their employers. Offerings include in-person, desk-top, and distance learning courses, publications, and the Accredited ACH Professional (AAP) Program. Payments education offered by NACHA at the national level augments the rich offering of educational programs provided by the Regional Payments Associations throughout the country.

13450 Sunrise Valley Drive, Suite 100

Herndon, VA 20171

2011 NACHA - The Electronic Payments Association
Other subjects include:

  • ACH transfer failure
  • Rejected ACH transaction 
  • Your ACH transaction 
  • ACH transaction canceled 
  • Rejected ACH transaction 
There's a link through to a hacked site, which contains four embedded JavaScript files hosted on other hacked sites. These eventually lead to decalintos.com or neoprenpillar.com, both hosted on 193.106.174.219 (IQHost Ltd, Russia). That site then tries to download a variety of exploits (Wepawet report here).

IQHost seems to be overrun with this sort of toxic crap at the moment. Blocking access to 193.106.172.0/22 is probably a smart move.
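
One way to check proxy logs for clients that have already reached this infrastructure, as an added example that is not part of the original post. The log format, the sample lines and the function names are constructed for illustration; the indicators are the two domains and the /22 named above.

```python
import ipaddress

# Indicators taken from the post above.
BAD_NET = ipaddress.ip_network("193.106.172.0/22")
BAD_DOMAINS = {"decalintos.com", "neoprenpillar.com"}

# Constructed sample proxy log (assumed format):
# timestamp client_ip dest_host dest_ip
SAMPLE_LOG = """\
2011-11-22T10:51:02 10.0.0.15 www.example.org 192.0.2.10
2011-11-22T10:51:07 10.0.0.15 decalintos.com 193.106.174.219
2011-11-22T10:52:30 10.0.0.22 cdn.neoprenpillar.com 198.51.100.7
2011-11-22T10:53:11 10.0.0.31 unknown-host.example 193.106.173.40
2011-11-22T10:54:00 10.0.0.40 notdecalintos.com 203.0.113.5
malformed line
"""

def host_matches(host):
    """True if host is a listed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def ip_matches(ip_text):
    """True if the address parses and falls inside the blocked /22."""
    try:
        return ipaddress.ip_address(ip_text) in BAD_NET
    except ValueError:
        return False

def find_hits(log_text):
    """Return (client_ip, dest_host, dest_ip, reason) for each matching line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than crash
        _, client, host, dest_ip = fields
        reasons = []
        if host_matches(host):
            reasons.append("domain")
        if ip_matches(dest_ip):
            reasons.append("netblock")
        if reasons:
            hits.append((client, host, dest_ip, "+".join(reasons)))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```

Matching on the netblock as well as the domain names catches other hostnames that resolve into the same range, which is why the /22 block is worth having alongside the domain list.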
