Sponsored by..

Saturday 29 December 2012

FedACH Announcement spam / incinteractive.net

This fake whatever-the-heck-it-is spam leads to malware on incinteractive.net:
Date:      Fri, 28 Dec 2012 22:45:28 +0900
From:      "Federal Reserve Banking Services@sys.frb.org" [ACHR_58976105@FedMail.frb.org]
Subject:      FedMail (R): FedACH Announcement - End of Day - 12/27/12

Please overview the ACH Advice Statement from the Federal Reserve System by clicking here.
The malicious payload is at [donotclick]incinteractive.net/detects/wishs_continually.php hosted on the well-known IP of 59.57.247.185 in China which also hosts these following malicious domains:

sessionid0147239047829578349578239077.pl
tv-usib.com
atsushitani.com
proxfied.net
incinteractive.net
timesofnorth.net
latticesoft.net
incinteractive.net


No comments: