Date: Mon, 1 Oct 2012 04:16:46 -0500
From: Bebo Service [service@noreply.bebo.com]
Subject: Fwd: ACH Transfer rejected
The ACH debit transfer, initiated from your bank account, was canceled.
Canceled transaction:
Transfer ID: FE-764029897226US
Transaction Report: View
Valentino Dickey
NACHA - The Electronic Payment Association
f0c34915-3e624bbb
The malicious payload is at [donotclick]onlinebayunator.ru:8080/forum/links/column.php (probably a Blackhole 2 exploit kit) hosted on the following familiar IPs that should be blocked:
84.22.100.108 (Republic CyberBunker, Antarctica - Amsterdam more likely)
190.10.14.196 (RACSA, Costa Rica)
203.80.16.81 (Myren, Malaysia)
Of note, CyberBunker has a long history of spamming and tolerating criminals. Blocking the range 84.22.96.0/19 should afford your network some additional protection.
No comments:
Post a Comment