Get The Latest Insights

By Stacy Shelley | February 24, 2011

PhishLabs has discovered a new malware campaign which appears to be an alert from NACHA regarding a failed ACH transaction. If a vulnerable user clicks the enclosed link, they will be infected with malware.

Users receive an email message which appears as follows:

From: [email protected] [mailto:[email protected]] Sent: Thursday, February 24, 2011 9:47 AM
To: Denise Muns
Subject: Your ACH transaction

The ACH transfer , recently sent from your checking account (by you or any other person), was rejected by the Electronic Payments Association.

Please click here to view report


Hal Vance,
Fraud Department


The link in the email includes one of nearly 400 domain names which in turn redirects to the site DF1C.CO.CC. This site hosts an exploit pack which infects the user with malware.

The malware downloaded is a Zeus Banking trojan, MD5 = a1d090f5c26eb8ff1b20b87a43fe0f25, and is currently detected by 25 of 42 anti-virus vendors on VirusTotal. Threat Expert report here [dated and unavailable].

PhishLabs is in the process of analyzing the malware binaries to determine what organizations are being targeted. Please contact us at info for additional information.