From: The Electronic Payments Association risk_manager@nacha.org
Date: 15 February 2012 13:52
Subject: Rejected ACH payment

The ACH transaction (ID: 44103676925895), recently initiated from your bank account (by you or any other person), was canceled by the Electronic Payments Association.
Canceled transfer
Transaction ID: 44103676925895
Rejection Reason: See details in the report below
Transaction Report: report_44103676925895.doc (Microsoft Word Document)
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171
2011 NACHA - The Electronic Payments Association

The malware is on biggestblazer.com/search.php?page=73a07bcb51f4be71 (report here) which is hosted on 199.30.89.180 (Central Host Inc / Zerigo.. yet again). It attempts to download additional components from billydimple.com/forum/index.php?showtopic=656974 on 69.164.205.122 (Linode.. again).
I've now seen several malicious sites in the 199.30.89.0/24 range; it might be worth considering blocking the whole lot.
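Before blocking, it helps to know which internal clients have already contacted these hosts. The following is an added example, not part of the original post: it checks proxy log lines against the two hostnames, the Linode address and the 199.30.89.0/24 range named above. The log format (timestamp, client IP, destination host, destination IP, path) and the sample lines are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Indicators taken from the post above.
BLOCK_NET = ipaddress.ip_network("199.30.89.0/24")
BAD_IPS = {ipaddress.ip_address("69.164.205.122")}
BAD_HOSTS = {"biggestblazer.com", "billydimple.com"}

# Constructed sample log; assumed format:
# timestamp client_ip dest_host dest_ip path
SAMPLE_LOG = """\
2012-02-15T13:58:02 10.0.4.17 biggestblazer.com 199.30.89.180 /search.php
2012-02-15T13:58:09 10.0.4.17 billydimple.com 69.164.205.122 /forum/index.php
2012-02-15T14:01:44 10.0.7.3 example.org 93.184.216.34 /
2012-02-15T14:03:10 10.0.9.21 unknown-host.example 199.30.89.77 /x
2012-02-15T14:05:00 10.0.2.8 WWW.BillyDimple.com - /forum/index.php
malformed line
"""

def match_reason(host, ip_text):
    """Return 'host', 'ip', 'range' or None for one destination."""
    host = host.lower().rstrip(".")
    # Match the domain itself and any subdomain of it.
    if any(host == h or host.endswith("." + h) for h in BAD_HOSTS):
        return "host"
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # unresolved entries are logged as '-'
        return None
    if ip in BAD_IPS:
        return "ip"
    if ip in BLOCK_NET:  # catches hosts in the range not yet known by name
        return "range"
    return None

def hunt(log_text):
    """Group matching requests by internal client address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:  # skip malformed lines
            continue
        ts, client, host, ip_text, _path = parts
        reason = match_reason(host, ip_text)
        if reason:
            hits[client].append((ts, host, reason))
    return dict(hits)

if __name__ == "__main__":
    for client, events in hunt(SAMPLE_LOG).items():
        print(client, events)
```

A client that appears with a "range" match but no "host" match has reached an address in the /24 under a name not listed in the post.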