Sponsored by..

Tuesday, 14 February 2012

NACHA Spam / biggestloop.com

Another NACHA spam leading to a malicious payload, this time on biggestloop.com.

Date:      Tue, 13 Feb 2012 19:06:18 +0100
From:      "The Electronic Payments Association"
Subject:      Your ACH transfer
Attachments:     nacha_logo.jpg

The ACH transaction (ID: 54525654754524), recently initiated from your bank account (by you or any other person), was canceled by the other financial institution.

Rejected transaction
Transaction ID:     54525654754524
Rejection Reason     See details in the report below
Transaction Report     report_54525654754524.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100

Herndon, VA 20171

2011 NACHA - The Electronic Payments Association

I can't believe that there is a person in the world receiving this who will not have received hundreds of versions of the same thing before, but the spammers continue. The malicious payload is at biggestloop.com/main.php?page=27f6207e33edeeca (analysis here) on 206.214.68.57 (B2Net Solutions, Canada). Block the IP if you can. Better still, write some filters for your email system to keep the things far, far away.

No comments: