From: The Electronic Payments Association office@officecar.ro
Reply-To: The Electronic Payments Association
To: itd@sos.com.ph
Date: 13 February 2012 10:06
Subject: ACH transfer error
Dear Chief Accounting Officer,
We are sorry to inform you, that Direct Deposit payment (ID801400587332) has not been credited to the receiver account, because of partially missing banking details.
Direct Deposit procedure incomplete
Transaction ID : 801400587332
Details: Please use the transfer correction request below provide the correct banking information.
Transfer Status report-801400587332.doc (Micro soft Word Document)
Home About Us Site Map Contact Us NACHA Inquiries NACHA Privacy Policy NACHA Code of Conduct Disclaimer
Membership Education ACH Network ACH Rules Risk & Compliance News & Resources NACHA eStore
13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703) 561-1100
2012 NACHA - The Electronic Payments Association
The payload is a Blackhole exploit kit at beaverday.biz/search.php?page=977334ca118fcb8c (Wepawet report here) which is hosted on 199.30.89.139 (Central Host Inc / Zerigo.net), just a few IPs away from 199.30.89.135 as used in this spam run a few days ago. I have also seen malicious activity on 199.30.91.44 in the same /21.. perhaps Zerigo / Central Host have a problem? Block IPs as you feel is appropriate..