Fake ACH Transfer Failure Notifications Spread ZeuS

Jack

Jan 24, 2011
A new wave of spam emails is targeting business users and attempting to infect them with a variant of the ZeuS banking trojan by posing as ACH transfer failure notifications.

According to researchers from antivirus vendor Trend Micro who analyzed the campaign, the emails purport to come from NACHA – The Electronic Payments Association, the regulatory agency for the Automated Clearing House (ACH) network.

The ACH network is commonly used by companies to process large volumes of credit and debit transactions, such as payroll or vendor payments, in batches.

According to Gary Warner, director of research in Computer Forensics at the University of Alabama at Birmingham (UAB), the emails have subjects like "ACH transaction cancelled", "ACH Transfer rejected", "Your ACH transaction" and other such variations.

The body message is always the same and reads: "The ACH transaction , recently initiated from your bank account (by you or any other person), was rejected by the Electronic Payments Association. Please click here to view details."


The link takes recipients to a website pushing a fake Java update that is actually a variant of the infamous ZeuS (Zbot) information-stealing trojan.

One of the more interesting aspects of this attack is the large number of domains with ACH in their name registered particularly for this spam run.

More details - link
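
Added example, not part of the original post or of the Trend Micro / UAB research: a mail-filter heuristic built from the three traits the post lists (the quoted subject lines, the fixed body sentence, and link hosts with "ach" in the name). The function names, the choice of nacha.org as the only trusted domain, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Subject variants and the body sentence are the ones quoted in the post.
SUBJECT_RE = re.compile(
    r"ACH\s+trans(action|fer)\s+(cancell?ed|rejected)|Your\s+ACH\s+transaction", re.I)
BODY_PHRASE = "was rejected by the electronic payments association"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
TRUSTED = ("nacha.org",)  # assumption: the only domain treated as legitimate


def _trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def ach_lure_reasons(raw):
    """Return the campaign traits found in one raw, unencoded text message."""
    msg = message_from_string(raw)
    part = next((p for p in msg.walk() if not p.is_multipart()), msg)
    body = part.get_payload()
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.append("subject")
    if BODY_PHRASE in " ".join(body.lower().split()):  # tolerate line wraps
        reasons.append("body")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if "ach" in host and not _trusted(host):
            reasons.append("ach-domain:" + host)
    return reasons


def is_ach_lure(raw):
    # "ach" alone is a weak signal, so require two independent traits.
    return len(ach_lure_reasons(raw)) >= 2


# Constructed sample messages (reserved .example domains).
PHISH = """From: alerts@nacha.example
Subject: ACH Transfer rejected

The ACH transaction, recently initiated from your bank account (by you or any
other person), was rejected by the Electronic Payments Association.
Please click here to view details: http://ach-report.example/details
"""
BENIGN = """From: payroll@corp.example
Subject: Payroll schedule for March

Batches are submitted on the 14th. See https://intranet.corp.example/payroll
"""
```
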
 