
Monday 1 October 2012

NACHA spam / onlinebayunator.ru

This fake NACHA spam leads to malware on onlinebayunator.ru:

Date:      Mon, 1 Oct 2012 04:16:46 -0500
From:      Bebo Service [service@noreply.bebo.com]
Subject:      Fwd: ACH Transfer rejected

The ACH debit transfer, initiated from your bank account, was canceled.

Canceled transaction:

Transfer ID: FE-764029897226US

Transaction Report: View

Valentino Dickey

NACHA - The Electronic Payment Association


The malicious payload is at [donotclick]onlinebayunator.ru:8080/forum/links/column.php (probably a Blackhole 2 exploit kit) hosted on the following familiar IPs that should be blocked: (Republic CyberBunker, Antarctica - Amsterdam more likely) (RACSA, Costa Rica) (Myren, Malaysia)

Of note, CyberBunker has a long history of spamming and tolerating criminals. Blocking the range should afford your network some additional protection.
