
Friday 17 February 2012

freac.net is back with a BBB spam run

freac.net is a domain used by malicious spam email pretending to be from the BBB or NACHA, as in this example. In that case, freac.net was apparently hosted on an IP belonging to Huawei in the US, but shortly afterwards it went non-resolving.

Well, freac.net is back, and so is the spam promoting it, e.g.:

Date:      Fri, 16 Feb 2012 14:30:35 +0530
From:      "BBB"
Subject:      BBB case ID 28764441
Attachments:     betterbb_logo.jpg

Hello,

Here with the Better Business Bureau would like to notify you that we have received a complaint (ID 28764441) from a customer of yours related to their dealership with you.

Please open the COMPLAINT REPORT below to find more information on this case and let us know of your position as soon as possible.

We are looking forward to hearing from you.

Regards,

Carlos Baxter

Dispute Counselor
Better Business Bureau


Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

===========

Date:      Fri, 16 Feb 2012 14:26:31 +0530
From:      "BBB"
Subject:      BBB complaint processing
Attachments:     betterbb_logo.jpg

Attention: Owner/Manager

Here with the Better Business Bureau would like to notify you that we have been sent a complaint (ID 78067910) from a customer of yours related to their dealership with you.

Please open the COMPLAINT REPORT below to obtain more information on this case and inform us about your opinion as soon as possible.

We are looking forward to hearing from you.

Faithfully,

Theresa Morris

Dispute Counselor
Better Business Bureau


Council of Better Business Bureaus
4200 Wilson Blvd, Suite 800
Arlington, VA 22203-1838
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Currently freac.net is hosted on 46.4.226.18 and 41.64.21.71. The first is a server rented from Hetzner in Germany; oddly, the second is an ADSL line in Cairo.

Anyway, blocking those IPs will stop any further infections from those IPs. A Wepawet report for this infection is here.
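Since freac.net has already changed hosting once, it is worth checking proxy logs for the domain as well as the two IPs. The following is an added example, not part of the original post: the log format, client addresses and URL paths are constructed, and the non-listed destination IPs come from documentation ranges.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators taken from the post above.
BAD_DOMAIN = "freac.net"
BAD_IPS = {ipaddress.ip_address(a) for a in ("46.4.226.18", "41.64.21.71")}

# Constructed sample proxy log (assumed format: time client dest_ip url).
SAMPLE_LOG = """\
2012-02-17T09:01:12 10.0.0.21 46.4.226.18 http://freac.net/placeholder
2012-02-17T09:02:40 10.0.0.22 198.51.100.7 http://freac.net/placeholder
2012-02-17T09:03:05 10.0.0.23 41.64.21.71 http://41.64.21.71/
2012-02-17T09:04:11 10.0.0.24 203.0.113.9 http://notfreac.net/index.html
2012-02-17T09:05:30 10.0.0.25 203.0.113.10 http://freac.net.example.org/
2012-02-17T09:06:02 10.0.0.26 203.0.113.11 http://WWW.Freac.NET./x
"""

def host_matches(host, domain=BAD_DOMAIN):
    # Match the domain and its subdomains only; ignore case and a trailing dot.
    host = (host or "").rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def classify(line):
    # Return (client, reasons) where reasons lists which indicator matched.
    _ts, client, dest_ip, url = line.split(None, 3)
    reasons = []
    if host_matches(urlsplit(url).hostname):
        reasons.append("domain")
    try:
        if ipaddress.ip_address(dest_ip) in BAD_IPS:
            reasons.append("ip")
    except ValueError:
        pass  # malformed destination field: rely on the domain check alone
    return client, reasons

def scan(log_text):
    hits = {}
    for line in log_text.splitlines():
        if line.strip():
            client, reasons = classify(line)
            if reasons:
                hits[client] = reasons
    return hits

def missed_by_ip_block(hits):
    # Clients that reached the domain on an IP outside the block list.
    return sorted(c for c, r in hits.items() if r == ["domain"])

if __name__ == "__main__":
    print(scan(SAMPLE_LOG), missed_by_ip_block(scan(SAMPLE_LOG)))
```

Clients returned by `missed_by_ip_block` reached the domain on an address the IP block does not cover, which is the case to watch for if the domain is re-hosted again.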
