Sponsored by..

Tuesday 14 February 2012

NACHA Spam / freac.net

Another NACHA spam, this time with a malicious payload on the site freac.net.

Date:      Tue, 13 Feb 2012 11:12:12 +0100
From:      "The Electronic Payments Association" [alerts@nacha.org]
Subject:      ACH transaction canceled
Attachments:     nacha_logo.jpg

The ACH transfer (ID: 14282248034397), recently sent from your checking account (by you or any other person), was canceled by the other financial institution.

Rejected transaction
Transaction ID:     14282248034397
Rejection Reason     See details in the report below
Transaction Report     report_14282248034397.doc (Microsoft Word Document)

13450 Sunrise Valley Drive, Suite 100

Herndon, VA 20171

2011 NACHA - The Electronic Payments Association

The malware is on freac.net/main.php?page=cd12dfacc57c3f82 (report here) which is on IP address 12.133.182.133 (Huawei Technologies, US). Blocking access to the IP address will prevent any other malicious sites on the server from being a problem.

No comments: