Tuesday, 18 September 2012

IRS spam / xlzones.com

More IRS-themed spam, this time leading to malware on xlzones.com:

From: Internal Revenue Service [mailto:papillaq9@wonderware.com]
Sent: 18 September 2012 15:22
Subject: Your IRS federal tax payment has not been accepted
Importance: High


Your Federal Tax transaction (ID: 1550573369185), recently sent from your bank account was returned by The Electronic Federal Tax Payment System.
Not Accepted Tax transfer
Tax Transaction ID:     1550573369185
Reason ID    See details in the report below
Income Tax Transaction Report    tax_report_1550573369185.doc (Microsoft Word Document)

Internal Revenue Service P.O. Box 996 Davis 99627 NY 

The malicious payload can be found at [donotclick]xlzones.com/detects/char-storing-hate.php and [donotclick]xlzones.com/maintain/java.jar (report here), hosted on the familiar IP address of 203.91.113.6 (G Mobile, Mongolia). Block this IP if you can, and also beware of these other malicious domains on the same server:
