Date: Fri, 9 Feb 2012 20:07:15 +0430
From: payment@nacha.org
Subject: nacha5_sbj}
Attachments: nacha.jpg
The following information concerns the ACH transfer that was originally effectuated by you or any other person on 02-02-2012.
Transaction ID:
89024101013314
Transaction status: declined
Supplementary information: Please read the detailed report
Faithfully,
Violette Coirs.
2012 NACHA - The Electronic Payments Association
This is a system generated email. Please do not respond.
The malicious payload is synergyledlighting.net/main.php?page=4e4959105994cf84 hosted on 131.94.130.132 (Florida International University, US) and 173.236.78.113 (Singlehop, US). That same domain was found in this spam, although one of the IPs has changed since then.
The Florida International University IP address gives a clue as to what is going on here - these servers are most likely hacked rather than rented. This also explains why some IPs have seemingly legitimate sites on them. Still, blocking access to these IPs is the safest thing to do.
No comments:
Post a Comment