PhishLabs has discovered a new malware campaign which appears to be an alert from NACHA regarding a failed ACH transaction. If a vulnerable user clicks the enclosed link, they will be infected with malware.
Users receive an email message which appears as follows:
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Thursday, February 24, 2011 9:47 AM
To: Denise Muns
Subject: Your ACH transaction
The ACH transfer , recently sent from your checking account (by you or any other person), was rejected by the Electronic Payments Association.
Please click here to view report
The link in the email includes one of nearly 400 domain names which in turn redirects to the site DF1C.CO.CC. This site hosts an exploit pack which infects the user with malware.
PhishLabs is in the process of analyzing the malware binaries to determine what organizations are being targeted. Please contact us at info -at-phishlabs.com for additional information.