- Jan 24, 2011
- 9,378
A new wave of spam emails is targeting business users and attempting to infect them with a variant of the ZeuS banking trojan by posing as ACH transfer failure notifications.
According to researchers from antivirus vendor Trend Micro who analyzed the campaign, the emails purport to come from NACHA – The Electronic Payments Association, the regulatory agency for the Automated Clearing House (ACH) network.
The ACH network is commonly used by companies to process large volumes of credit and debit transactions, such as payroll or vendor payments, in batches.
According to Gary Warner, director of research in Computer Forensics at the University of Alabama at Birmingham (UAB), the emails have subjects like "ACH transaction cancelled", "ACH Transfer rejected", "Your ACH transaction" and other such variations.
The body message is always the same and reads: "The ACH transaction , recently initiated from your bank account (by you or any other person), was rejected by the Electronic Payments Association. Please click here to view details."
The link takes recipients to a website pushing a fake Java update that is actually a variant of the infamous ZeuS (Zbot) information-stealing trojan.
One of the more interesting aspects of this attack is the large number of domains with ACH in their name registered particularly for this spam run.
More details - link