Sponsored by..

Friday, 16 March 2012

Intuit.com spam / 173.224.71.132

Yet another round of malicious fake Intuit.com spam is doing the rounds:

Date:      Fri, 16 Mar 2012 11:15:29 -0300
From:      "INTUIT INC."
Subject:      Your Intuit.com order confirmation.




Dear Client:

Thank you for ordering from Intuit Market. We are working on and will send you an e-mail when your order is processed. If you ordered multiple items, we may deliver them in more than one delivery (at no extra cost to you) to provide faster processing time.

If you have questions about your order, please call 1-800-955-8890.


ORDER INFORMATION

Please download your complete order
id #078419178757 information at Intuit small business website.

NEED HELP?

    Email us at mktplace_customerservice@intuit.com.
    Call us at 1-800-955-8890.
    Reorder Intuit Checks Quickly and Easily starting with
    the information from your previous order.

To help us better serve your needs, please take
a few minutes to let us know how we are doing.
Submit your feedback here.

Thanks again for your order,

Intuit Market Customer Service

Privacy , Legal , Contact Us , About Us

You have received this business communication as part of our efforts to fulfill your request or service
your account. You may receive this and other business communications from us even if you have opted
out of marketing messages.

Please note: This e-mail was sent from an auto-notification system that cannot accept incoming email
Please do not reply to this message.

If you receive an email message that appears to come from Intuit but that you suspect is a phishing
e-mail, please forward it immediately to spoof@intuit.com. Please visit http://security.intuit.com/ for
additional security information.


�2011 Intuit, Inc. All rights reserved. Intuit, the Intuit Logo, Quickbooks, Quicken and TurboTax,
among others, are registered trademarks of Intuit Inc.

In this case the link in the email goes through a legitimate hacked site and ends up at 173.224.71.132:8080/showthread.php?t=73a07bcb51f4be71 (Colo5, US). There's a Wepawet report here. Blocking that IP would stop any further malicious sites on the server from being a problem.

No comments: