Tuesday 31 January 2012

NACHA Spam / matoreria.com

Another NACHA spam run leading to a malicious payload..

Date:      Tue, 30 Jan 2012 11:02:13 +0000
From:      info@nacha.org
Subject:      Your ACH transaction

The ACH transaction (ID: 8519169560300), recently initiated from your bank account (by you or any other person), was canceled by the other financial institution.

Canceled transfer
Transaction ID:     8519169560300
Rejection Reason     See details in the report below
Transaction Report     report_8519169560300.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100

Herndon, VA 20171

2011 NACHA - The Electronic Payments Association

The payload is on matoreria.com/search.php?page=73a07bcb51f4be71 hosted on 66.150.164.137 (Nuclear Fallout Enterprises, Seattle). We've seen this ISP before. At the moment the payload seems not to be working properly.

Blocking access to the IP address will also block access to any other malicious sites on the same server.
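
The difference between a domain-only block and an IP-level block, as an added example that is not from the original post: it runs both rules over proxy log lines and reports which requests only the IP rule catches. The domain and IP are the ones named above; the log format, client addresses and the `other-site.example` host are constructed assumptions.

```python
import ipaddress

BLOCKED_DOMAIN = "matoreria.com"                      # from the post
BLOCKED_IP = ipaddress.ip_address("66.150.164.137")   # from the post

# Constructed sample log: "timestamp client_ip dest_ip host path"
SAMPLE_LOG = """\
2012-01-31T09:14:02 10.0.0.21 66.150.164.137 matoreria.com /search.php
2012-01-31T09:15:40 10.0.0.35 66.150.164.137 other-site.example /index.php
2012-01-31T09:16:11 10.0.0.21 192.0.2.10 intranet.example /
malformed line
2012-01-31T09:17:55 10.0.0.48 66.150.164.137 MATORERIA.COM. /search.php
"""

def parse(line):
    """Return a dict for a well-formed line, or None if it cannot be parsed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, dest, host, path = parts
    try:
        dest_ip = ipaddress.ip_address(dest)
    except ValueError:
        return None
    # Normalise the host: case-insensitive, optional trailing root dot.
    return {"ts": ts, "client": client, "dest": dest_ip,
            "host": host.lower().rstrip("."), "path": path}

def match_domain(entry):
    """Domain rule: the blocked name itself or any subdomain of it."""
    host = entry["host"]
    return host == BLOCKED_DOMAIN or host.endswith("." + BLOCKED_DOMAIN)

def match_ip(entry):
    """IP rule: any virtual host served from the blocked address."""
    return entry["dest"] == BLOCKED_IP

def compare_rules(log_text):
    """Return (domain hits, IP hits, hits only the IP rule sees)."""
    entries = [e for e in map(parse, log_text.splitlines()) if e]
    by_domain = {(e["client"], e["host"]) for e in entries if match_domain(e)}
    by_ip = {(e["client"], e["host"]) for e in entries if match_ip(e)}
    return by_domain, by_ip, by_ip - by_domain

if __name__ == "__main__":
    by_domain, by_ip, only_ip = compare_rules(SAMPLE_LOG)
    print("domain rule:", sorted(by_domain))
    print("ip rule:    ", sorted(by_ip))
    print("ip only:    ", sorted(only_ip))
```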

1 comment:

Haren Bhatt said...

Today I tested the same mail where a connection to IP 124.217.226.160 was seen.

The IP belongs to

person: PIRADIUS NET Administrator
nic-hdl: PA124-AP
e-mail: admin@piradius.net
address: PIRADIUS NET
address: Unit 8.2, 8 Floor, Menara Aik Hua
address: Changkat Raja Chulan
address: 50200
address: Kuala Lumpur
address: Malaysia
phone: +603-20318850
fax-no: +603-20318851
country: MY
changed: admin@piradius.net 20071003
mnt-by: MAINT-MY-PIRADIUS
abuse-mailbox: abuse@piradius.net
source: APNIC