Date: Mon, 21 Jan 2013 04:45:31 -0300
From: RylieBouthillette@hotmail.com
Subject: Payroll Account Holded by Intuit
Direct Deposit Service Informer
Communicatory Only
We cancelled your payroll on Mon, 21 Jan 2013 04:45:31 -0300.
Finances would be gone away from below account # ending in 8134 on Mon, 21 Jan 2013 04:45:31 -0300
amount to be seceded: 5670 USD
Paychecks would be procrastinated to your personnel accounts on: Mon, 21 Jan 2013 04:45:31 -0300
Log In to Review Operation
Funds are typically left before working banking hours so please make sure you have enough Finances accessible by 12 a.m. on the date Cash are to be seceded.
Intuit must reject your payroll by 4 p.m. Central time, two banking days before your paycheck date or your state would not be paid on time.
QuickBooks does not process payrolls on weekends or federal banking holidays. A list of federal banking holidays can be viewed at the Federal Reserve website.
Thank you for your business.
Regards,
Intuit Payroll Services
The malicious payload is at [donotclick]danadala.ru:8080/forum/links/column.php hosted on a familiar bunch of IPs that have been used in several recent attacks:
89.111.176.125 (Garant-Park-Telecom, Russia)
91.224.135.20 (Proservis UAB, Lithunia)
212.112.207.15 (ip4 GmbH, Germany)
The following malicious domains seems to be active at present:
dekamerionka.ru
danadala.ru
dmssmgf.ru
dmpsonthh.ru
demoralization.ru
damagalko.ru
dozakialko.ru
dopaminko.ru
dumarianoko.ru
dfudont.ru
No comments:
Post a Comment