
Friday, 2 November 2012

Intuit spam / savedordercommunicates.info

This fake Intuit spam leads to malware on savedordercommunicates.info:


Date:      Sat, 3 Nov 2012 02:11:17 +0800
From:      "Intuit Information System" [roughervm73@biolconseils.ch]
Subject:      Notification Only: Transaction Received by Intuit

Direct Deposit Service Message
Communicatory Only

We rejected your payroll on November 1, 2012 at 626 AM Central Time.

    Money would be left from the account No. ending in: XXX1 on November 2, 2012.
    quantum to be left: $7 639.16
    Paychecks would be deferred to your staff' accounts on: November, 2, 2012
    Go to web site by clicking here to Overview Transaction

Funds are typically withdrawn before usual banking hours so please make sure you have sufficient Funds accessible by 12 a.m. on the date Finances are to be gone away.

Intuit must complete your payroll by 4 p.m. Eastern time, two banking days before your paycheck date or your customers will not be paid on time. QuickBooks does not process payrolls on weekends or federal banking holidays. A list of federal banking holidays can be viewed at the Federal Reserve link.

Thank you for your business.

Regards,
Intuit Payroll Services

An substantial information regarding latest Refused Transactions is waiting for you.

Please DO NOT reply to this message. automative notification system not configured to accept incoming messages..

Copyright 2008 Intuit Inc. QuickBooks and Intuit are registered trademarks of and/or registered service marks of Intuit Inc. in the United States and other countries.

Intuit Inc. Customer Care
87566

San Paolo City, AZ 15203

The malicious payload is at [donotclick]savedordercommunicates.info/detects/bank_thinking.php, hosted on 75.127.15.39 (New Wave NetConnect, US), which also hosts another malicious domain, teamscapabilitieswhich.org. Blocking this IP would be wise.
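To check whether anyone already reached these hosts, the sketch below sweeps proxy logs for the two domains and the IP named above; it is an added example, not part of the original post. The three-field log format (`client dest_ip url`), the sample lines and the `unlisted.example` host are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators taken from the post above.
BAD_DOMAINS = {"savedordercommunicates.info", "teamscapabilitieswhich.org"}
BAD_IP = ipaddress.ip_address("75.127.15.39")

def is_bad_ip(text):
    """True if text parses as the listed IP; malformed or missing values are False."""
    try:
        return ipaddress.ip_address(text) == BAD_IP
    except ValueError:
        return False

def is_bad_host(host):
    """Match a listed domain or any subdomain of it, but not look-alike suffixes."""
    host = host.lower().rstrip(".")  # normalise case and a trailing root dot
    if is_bad_ip(host):              # URL that uses the raw IP as its host
        return True
    return any(host == d or host.endswith("." + d) for d in BAD_DOMAINS)

def flag_hits(log_lines):
    """Return (client, reason) pairs for lines in the assumed 'client dest_ip url' format."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        client, dest_ip, url = parts
        if "://" not in url:
            url = "http://" + url  # urlsplit needs a scheme to find the host
        host = urlsplit(url).hostname or ""
        if is_bad_host(host):
            hits.append((client, "host"))
        elif is_bad_ip(dest_ip):
            # An unlisted name served from the same address: the reason to block the IP.
            hits.append((client, "ip"))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "10.0.0.5 75.127.15.39 http://savedordercommunicates.info/detects/bank_thinking.php",
    "10.0.0.7 75.127.15.39 http://unlisted.example/landing",
    "10.0.0.8 203.0.113.9 http://notsavedordercommunicates.info/",
    "10.0.0.9 - http://www.TeamsCapabilitiesWhich.org./x",
    "malformed line",
]

if __name__ == "__main__":
    for client, reason in flag_hits(SAMPLE_LOG):
        print(client, reason)
```

The second sample line is matched on destination IP alone, which is the case a domain-only blocklist would miss.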