Sponsored by..

Wednesday 14 December 2011

NACHA Spam / financeportal.sytes.net

More NACHA spam this morning, this time the payload is at financeportal.sytes.net/main.php?page=111d937ec38dd17e on 174.140.165.90. Blocking the IP address rather than the domain is probably best as there may be other malicious sites on that server.

174.140.165.90 is on Directspace LLC in Oregon who seem to have a significant problem with malware at the moment, I have seen malicious sites on:

147.140.163.116
147.140.163.118
147.140.165.90
147.140.165.195

You might want to consider blocking Directspace LLC more widely if you are worried.

No comments: