Sponsored by..

Monday 2 July 2012

TD Ameritrade Spam / ghanarpower.net

This convincing-looking TD Ameritrade spam leads to malware at ghanarpower.net:

 ________________________________________
Your account ending in XXX7     Log on

________________________________________

Your statement is now available online

Dear Valued Client,

Your statement for your TD Ameritrade account ending in XXX7 is now available online.

Access your statements
To view your statement (along with previous statements), please Log On to your account and choose "History & Statements" (under Accounts). Then click the "Statements" tab, select the appropriate month(s) under the "View statements" drop-down menu, then click the "View" button.

We're here to help
If you have any questions, please log on to your account and click "Message Center" (under Home) to write us. A representative will respond through your Message Center inbox. You can also call Client Services at 800-669-3900. We're available 24 hours a day, seven days a week.

Sincerely,


Tom Bradley
President, Retail Distribution
TD Ameritrade


The malware can be found on [donotclick]ghanarpower.net/main.php?page=8c6c59becaa0da07 (report here) hosted on (188.165.1.192, OVH Ireland).

The following IPs and domains are connected to this attack and should also be blocked:
ecocabmedia.net   
ghanarpower.net
lessthansmoothmasculine.com   
68.171.101.22
92.201.139.15
188.165.1.192
109.164.221.176
211.157.105.160

No comments: