[Incident#EJA-438092] Dear Web Host The FraudWatch International Security Operations Centre (www.fraudwatchinternational.com) has received a report of a fraudulent financial web page (illegal malware download / data collection) hosted on your network.
** Please be aware that clicking any link to an executable may harm your computer! We are providing these links to bring to your attention their existence so that you can take the appropriate action against this illegal activity. Also note that we have provided a malware scan report for your review ** IP Address: 74.125.28.82 URL: https://projeto-atualizacao-seguranca-2k14.googlecode.com/svn/cli1.zaz Additional URL's: ** The above URL has been found to have sufficient connection with Malware that may be located on: ** Malware Scan Report: https://www.virustotal.com/en/file/7400cfdc380871b0c270425e4b40f697a905ebeced6b2e1c88a9b7b57718558a/analysis/ https://malwr.com/analysis/MzBlMDFiZjc3NGIzNGM1MjlhZGMzNTBmYWY5YTdmYjI/ http://10.1.1.56:8080/view/18 Client Brand Targeted: Santander Brasil (Banco Santander) ************************* On behalf of our client, we would greatly appreciate your assistance in: a) Urgently cleaning, closing or disallowing access to the site listed above as appropriate. b) obtaining and providing to us additional information regarding this incident, for example relevant logs or files from the host, ************************* If you are not the correct person to be dealing with this incident, please forward this request to the relevant person. If you are already aware of this matter, we apologise for any inconvenience. If possible, we would still appreciate a copy of any relevant files from the host, including logs and any php files relevant to the malware site, which may indicate where the stolen login credentials are being sent. This incident has been assigned an Incident Number, found in the subject line. We will be monitoring this incident, and tracking its progress to closure. Please use this incident code in the subject line of all correspondence relating to this Incident. Please contact us should you require any clarification or assistance. We thank you for your urgent consideration of this request. Regards, Security Operations FraudWatch International http://www.fraudwatchinternational.com -- You received this message because you are subscribed to the Google Groups "Project Hosting on Google Code" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-code-hosting+unsubscr...@googlegroups.com. To post to this group, send email to google-code-hosting@googlegroups.com. Visit this group at http://groups.google.com/group/google-code-hosting. For more options, visit https://groups.google.com/d/optout.