Sponsored by..

Wednesday 10 October 2012

Chase credit card spam / 2.cmisd.org

Another fake Chase credit card spam (like this one), this time leading to malware on 2.cmisd.org:

Date:      Wed, 10 Oct 2012 12:21:48 -0500
From:      "Chase.Alert" [CB22FC0@abbottfire.com]
Subject:      Credit card report

This is an Alert to help you manage your credit card account.

As you requested, we are notifying you of any charges over the amount of ($USD) 200.00, as specified in your Alert settings. A charge of ($USD) 236.77 at Amazon Store has been authorized on Wed, 10 Oct 2012 12:21:48 -0500.

Do not reply to this Alert.

If you have questions, please call the number on the back of your credit card, or send a secure message from your Inbox on www.Chase.com/cl/smessage/alert_id=90A4F

To see all of the Alerts available to you, or to manage your Alert settings, please log on to www.Chase.com.

There are lots of variants, e.g.:

As you requested, we are notifying you of any charges over the amount of ($USD) 200.00, as specified in your Alert settings. A charge of ($USD) 566.48 at eStore has been authorized on Wed, 10 Oct 2012 17:28:38 +0100.

As you requested, we are notifying you of any charges over the amount of ($USD) 200.00, as specified in your Alert settings. A charge of ($USD) 989.65 at Google Store has been authorized on Wed, 10 Oct 2012 11:18:13 -0500.

As you requested, we are notifying you of any charges over the amount of ($USD) 200.00, as specified in your Alert settings. A charge of ($USD) 518.21 at eStore has been authorized on Wed, 10 Oct 2012 08:42:53 -0700.

As you requested, we are notifying you of any charges over the amount of ($USD) 200.00, as specified in your Alert settings. A charge of ($USD) 763.93 at UNKNOWN has been authorized on Wed, 10 Oct 2012 17:42:24 +0200.
In this case the malicious payload is at [donotclick]2.cmisd.org/links/assure_numb_engineers.php hosted on 75.98.171.60 (A2 Hosting, US). Blocking access to that IP would probably be wise.

No comments: