The PhishLabs Blog

“Your ACH Transaction” spam leads to malware

Posted by John LaCour on Feb 24, '11

PhishLabs has discovered a new malware campaign that uses email made to look like an alert from NACHA regarding a failed ACH transaction. If a vulnerable user clicks the enclosed link, they will be infected with malware.

Users receive an email message which appears as follows:

From: ach@nacha.org [mailto:ach@nacha.org]
Sent: Thursday, February 24, 2011 9:47 AM
To: Denise Muns
Subject: Your ACH transaction

The ACH transfer , recently sent from your checking account (by you or any other person), was rejected by the Electronic Payments Association.

Please click here to view report

—————————————————————— 

Hal Vance,
Fraud Department

 

The link in the email points to one of nearly 400 domain names, each of which in turn redirects to the site DF1C.CO.CC. This site hosts an exploit pack that infects the user with malware.

The malware downloaded is a Zeus Banking trojan, MD5 = a1d090f5c26eb8ff1b20b87a43fe0f25, and is currently detected by 25 of 42 anti-virus vendors on VirusTotal. Threat Expert report here

PhishLabs is in the process of analyzing the malware binaries to determine what organizations are being targeted. Please contact us at info -at-phishlabs.com for additional information.
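A mail-filter check for the lure described above, as an added example that is not PhishLabs code: it flags messages that claim a nacha.org sender while using the lure's subject line or linking to hosts outside nacha.org. The sample messages, the placeholder host `lure-domain.example`, the function names, and the assumption that the link arrives as an HTML `href` are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

IMPERSONATED = "nacha.org"              # sender domain shown in the lure
LURE_SUBJECT = "your ach transaction"   # subject shown in the lure, lowercased
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)

# Constructed samples; lure-domain.example is a placeholder, not a real indicator.
SAMPLE_LURE = (
    "From: ach@nacha.org\nSubject: Your ACH transaction\nContent-Type: text/html\n\n"
    '<p>Please <a href="http://lure-domain.example/report">click here</a></p>\n'
)
SAMPLE_BENIGN = (
    "From: ach@nacha.org\nSubject: Operating rules update\nContent-Type: text/html\n\n"
    '<p><a href="https://www.nacha.org/rules">Read more</a></p>\n'
)

def in_domain(host, domain):  # host is the domain itself or a subdomain of it
    return host == domain or host.endswith("." + domain)

def link_hosts(msg):
    """Collect hostnames from href attributes in every text part."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in HREF_RE.findall(body):
            host = urlparse(url).hostname  # already lowercased by urlparse
            if host:
                hosts.add(host)
    return hosts

def check_message(raw):
    """Return findings for mail that claims to come from nacha.org."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if not in_domain(sender_domain, IMPERSONATED):
        return []
    findings = []
    if LURE_SUBJECT in msg.get("Subject", "").lower():
        findings.append("subject matches lure")
    offsite = sorted(h for h in link_hosts(msg) if not in_domain(h, IMPERSONATED))
    if offsite:
        findings.append("links leave nacha.org: " + ", ".join(offsite))
    return findings
```

Because the campaign rotates through hundreds of link domains, the check keys on the mismatch between the claimed sender and the link host instead of on any single domain.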

Topics: Malware, Threat Analysis, Lure
