Sponsored by..

Wednesday 30 January 2013

FDIC spam / 1wstdfgh.organiccrap.com

Here's a slightly new spin on old spam, leading to malware on 1wstdfgh.organiccrap.com:

Date:      Wed, 30 Jan 2013 16:16:32 +0200
From:      "Тимур.Носков@fdic.gov" [midshipmanc631@buprousa.com]
Subject:      Important notice from FDIC

Attention!

Due to the adoption of a new security system, that is aimed at diminishing the number of cases of fraud and scams, all your ACH and WIRE transactions will be temporarily blocked until your security version meets the new requirements.. In order to restore your ability to make transactions, you are required to install a special security software. Please use the link below to download and install all the necessary files.

We apologize for causing you troubles by this measure.
If you need any assistance, please do not hesitate to contact us.

Sincerely yours,

Federal Deposit Insurance Corporation
Security Department
The link in the email goes through a legitimate hacked site (in this case [donotclick]www.edenespinosa.com/track.php?fdic) to the amusingly named [donotclick]1wstdfgh.organiccrap.com/closest/984y3fh8u3hfu3jcihei.php (report here) hosted on 91.218.121.86 (CoolVDS / Kutcevol Maksum Mukolaevichm, US) which hosts the following suspect domains that you might want to block:

1wstdfgh.organiccrap.com
23v4tn6dgdr.organiccrap.com
v446numygjsrg.mymom.info
3vbtnyumv.ns02.us
crvbhn7jbtd.mywww.biz


No comments: