Sponsored by..

Monday 11 February 2013

NACHA Spam / albaperu.net

This fake NACHA spam leads to malware on albaperu.net:

Date:      Mon, 11 Feb 2013 11:39:03 -0500 [11:39:03 EST]
From:      ACH Network [reproachedwp41@direct.nacha.org]
Subject:      ACH Transfer canceled

Aborted transfer
The ACH process (ID: 838907191379), recently initiated from your checking account (by one of your account members), was reversed by the other financial institution.

Transaction ID:     838907191379
Reason of Cancellation     See detailed information in the despatch below
Transaction Detailed Report     RP838907191379.doc (Microsoft Word Document)

                          

13150 Sunrise Drive, Suite 100 Herndon, VA 20172 (703) 561-1600

� 2013 NACHA - The Electronic Payments Association
The malicious payload is at [donotclick]albaperu.net/detects/case_offices.php (report here) hosted on:

175.121.229.209 (Hanaro Telecom, Korea)
198.144.191.50 (Chicago VPS, US)

 The following malicious domains are present on these IPs and should be blocked:
acctnmrxm.net
albaperu.net
asistyapipressta.com
capeinn.net
live-satellite-view.net
madcambodia.net
morepowetradersta.com
rebelldagsanet.com
uminteraktifcozumler.com

No comments: