“Your ACH Transaction” Spam Leads to Malware

By admin 8 years agoNo Comments
Home  /  Blog  /  “Your ACH Transaction” Spam Leads to Malware

PhishLabs has discovered a new malware campaign which appears to be an alert from NACHA regarding a failed ACH transaction. If a vulnerable user clicks the enclosed link, they will be infected with malware.

Users receive an email message which appears as follows:

From: [email protected] [mailto:[email protected]]
Sent: Thursday, February 24, 2011 9:47 AM
To: Denise Muns
Subject: Your ACH transaction

The ACH transfer , recently sent from your checking account (by you or any other person), was rejected by the Electronic Payments Association.

Please click here to view report

——————————————————————

Hal Vance,
Fraud Department

 

The link in the email includes one of nearly 400 domain names which in turn redirects to the site DF1C.CO.CC. This site hosts an exploit pack which infects the user with malware.

The malware downloaded is a Zeus Banking trojan, MD5 = a1d090f5c26eb8ff1b20b87a43fe0f25, and is currently detected by 25 of 42 anti-virus vendors on VirusTotal. Threat Expert report here.

PhishLabs is in the process of analyzing the malware binaries to determine what organizations are being targeted. Please contact us at info -at-phishlabs.com for additional information.

Category:
  Blog

Leave a Reply

Your email address will not be published.

})(jQuery);