Date: Thu, 1 Dec 2011 17:55:30 +0900
From: "LinkedIn" [linkedin@em.linkedin.com]
To: Victim
Subject: So now you're on LinkedIn: What's next?
The ACH transaction (ID: 730771521612), recently sent from your checking account (by you or any other person), was canceled by the other financial institution.
Rejected transfer
Transaction ID: 730771521612
Reason of rejection See details in the report below
Transaction Report report_730771521612.doc (Microsoft Word Document)
13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703) 561-1100
© 2011 NACHA - The Electronic Payments Association
Yup.. the headers are for a LinkedIn themed spam, the body is a NACHA themed one with a link to a malicious file. The bad guys are sending out so many of these that they must be getting confused.
The link goes through a number of legitimate hacked sites and eventually ends up at biggestamigo.com on 92.55.144.82 in Romania (I would recommend blocking the whole 92.55.144.0/24 block at least, or even 92.55.144.0/21 if you want to be on the safe side). The payload looks like a typical exploit kit.
No comments:
Post a Comment