Sponsored by..

Thursday 26 January 2012

NACHA Spam / chillechart.com and chillepay.com

More fake NACHA spam leading to malware, this time the malicious payload is at chillechart.com on 96.126.96.123 (Linode, New Jersey).

Date:      Thu, 25 Jan 2012 10:40:06 +0100
From:      "alerts@nacha.org" [alerts@nacha.org]
Subject:      Your pending ACH debit transfer

Dear Account Holder,

This message includes an important notice about the ACH debit transfer sent on your behalf, that was detained by our bank:
Transaction #:    766253676295142
Transaction status:    pending

In order to resolve this matter, we prompt you to check the details of your transaction using the link below.

Faithfully yours,
Stephanie Barrera
Accounting Department

This follows the same pattern we have seen over the past few days. A Wepawet report for the malicious page is here. Blocking the IP address rather than the domain should block any other malicious sites on the server.

Update:  chillepay.com is also being used in this spam run, hosted on 69.164.199.231 (also Linode)

1 comment:

tay1970 said...

Attention: Accounting Department
Please find below an important notice about the ACH debit transfer sent on your behalf, that was detained by our bank:
Transaction ID: 088167411734693
Status of the transaction: pending
In order to resolve this matter, we prompt you to check the details of your transaction using the link below.
Yours faithfully,
Anthony Cooley
Chief Accountant

This was the one sent to me, different id number and different name but the very same email