Sponsored by..

Friday 15 February 2013

Wire transfer spam /

This fake wire transfer spam leads to malware on

Date:      Fri, 15 Feb 2013 07:24:40 -0500
From:      Tasha Rosenthal via LinkedIn [member@linkedin.com]
Subject:      RE: Wire transfer cancelled

Good day,

Wire Transfer was canceled by the other bank.

Canceled transaction:

FED NR: 94813904RE5666838

Transfer Report: View

The Federal Reserve Wire Network
The malicious payload is on [donotclick] (Railcom, Mongolia) (report here) which is a well-known malicious IP that you should definitely block if you can.

Update: there is also a "Scan from a HP ScanJet  #841548" spam for the same IP, sending victims to [donotclick]

No comments: