Thursday 16 February 2012

NACHA Spam / billydimple.com and biggestblazer.com

Here we go again, another NACHA spam leading to a malicious payload..

From:  The Electronic Payments Association risk_manager@nacha.org
Date: 15 February 2012 13:52
Subject: Rejected ACH payment

The ACH transaction (ID: 44103676925895), recently initiated from your bank account (by you or any other person), was canceled by the Electronic Payments Association.

Canceled transfer
Transaction ID:     44103676925895
Rejection Reason     See details in the report below
Transaction Report     report_44103676925895.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171

2011 NACHA - The Electronic Payments Association

The malware is on biggestblazer.com/search.php?page=73a07bcb51f4be71 (report here) which is hosted on 199.30.89.180 (Central Host Inc / Zerigo.. yet again). It attempts to download additional components from billydimple.com/forum/index.php?showtopic=656974 on 69.164.205.122 (Linode.. again).

I've now seen several malicious sites in the 199.30.89.0/24 range; it might be worth considering blocking the whole lot.
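As an added example (not part of the original post), here is a small Python script a defender could use to sweep proxy or firewall logs for the indicators listed above: the two domains, the two hosting IPs, and the whole 199.30.89.0/24 range the post suggests blocking. The log format (timestamp, client, destination IP, method, URL) and the log lines themselves are constructed for the example; the indicators are the ones named in the post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Indicators from the post: payload domains, their hosting IPs, and the /24
# the author suggests blocking outright.
MALICIOUS_DOMAINS = {"biggestblazer.com", "billydimple.com"}
MALICIOUS_IPS = {"199.30.89.180", "69.164.205.122"}
BLOCKED_RANGES = [ipaddress.ip_network("199.30.89.0/24")]

# Constructed sample proxy log (not real traffic). Assumed format:
# <timestamp> <client ip> <destination ip> <method> <url>
SAMPLE_LOG = """\
2012-02-15T14:01:07Z 10.0.0.12 199.30.89.180 GET http://biggestblazer.com/search.php?page=73a07bcb51f4be71
2012-02-15T14:01:09Z 10.0.0.12 69.164.205.122 GET http://billydimple.com/forum/index.php?showtopic=656974
2012-02-15T14:02:30Z 10.0.0.44 199.30.89.7 GET http://example-unknown.test/
2012-02-15T14:03:11Z 10.0.0.51 93.184.216.34 GET http://www.example.com/
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<dst>\S+) (?P<method>\S+) (?P<url>\S+)$"
)


def classify(dst_ip: str, url: str) -> list[str]:
    """Return the reasons a request matches the indicators (empty list if clean)."""
    reasons = []
    host = (urlsplit(url).hostname or "").lower()
    # Match the listed domain itself and any subdomain of it.
    if any(host == d or host.endswith("." + d) for d in MALICIOUS_DOMAINS):
        reasons.append(f"domain:{host}")
    if dst_ip in MALICIOUS_IPS:
        reasons.append(f"ip:{dst_ip}")
    try:
        addr = ipaddress.ip_address(dst_ip)
    except ValueError:
        # A malformed destination field is worth surfacing rather than ignoring.
        reasons.append(f"unparseable-ip:{dst_ip}")
        return reasons
    # Range match catches neighbours in the /24 that are not yet on the list.
    for net in BLOCKED_RANGES:
        if addr in net:
            reasons.append(f"range:{net}")
    return reasons


def scan_log(text: str) -> list[tuple[str, str, list[str]]]:
    """Parse log lines and return (client, url, reasons) for every matching line."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        reasons = classify(m["dst"], m["url"])
        if reasons:
            hits.append((m["client"], m["url"], reasons))
    return hits


if __name__ == "__main__":
    for client, url, reasons in scan_log(SAMPLE_LOG):
        print(f"{client} -> {url}  [{', '.join(reasons)}]")
```

The third sample line shows why the range check matters: 199.30.89.7 is not on the indicator list, but it falls inside the /24 and is flagged on that basis alone, which is exactly the effect of blocking the whole range.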
