Sep 12, 2011
Beware of ACH impersonated e-mail
September 8, Softpedia – (National) Financial services company impersonated in malware spreading campaign. The Automated Clearing House (ACH), a financial service offered by the U.S. electronic payments association National Automated Clearing House Association (NACHA), was impersonated in a campaign of spam messages sent out to unsuspecting users with the purpose of spreading malware. The samples investigated by MalwareCity seemed to be sent from a legitimate NACHA e-mail account. This specific message, named “ACH Transfer Review,” informs the victim that a transaction has failed and that she must review the input data for the payment. She then must fill out the application form attached to the e-mail. The attachment is represented by a zip file that contains what seems to be a .pdf document that must be reviewed by the recipient. The .pdf file is actually an executable that installs a downloader on the soon-to-be infected computer. The downloader's purpose is to get other malware from the Web and onto the computer. A few moments later, the Zeus bot, also known as Trojan(dot)Generic.6152125, is installed on the machine, closely monitoring all electronic financial transactions and sending out username and password information. The routing details from the message appear to come from a domain called “digitalskys.com”, the Web site of a wireless solutions company, likely used by the cybercriminals to mask their true identity.
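A mail-gateway check for the lure described above (a zip attachment whose member looks like a .pdf but is an executable), as an added example that is not part of the original report. The file names, the extension list and the sample archive are constructed for illustration.

```python
import io
import zipfile

PDF_MAGIC = b"%PDF-"
PE_MAGIC = b"MZ"                               # DOS/PE executable header
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}   # assumption: illustrative list

def classify_member(name, head):
    """Return a reason if a zip member poses as a PDF but is not one."""
    lower = name.lower().rstrip(". ")          # ignore trailing dots/spaces
    if ".pdf" not in lower:
        return None                            # does not claim to be a PDF
    ext = "." + lower.rsplit(".", 1)[-1]
    if head.startswith(PE_MAGIC):
        return "PDF name but PE executable content"
    if ext in EXEC_EXTS:
        return "double extension ending in " + ext
    if not head.startswith(PDF_MAGIC):
        return "PDF name but no %PDF- header"
    return None

def scan_zip_attachment(data):
    """List (member name, reason) for every suspicious member of a zip."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)              # magic bytes are enough
            reason = classify_member(info.filename, head)
            if reason:
                findings.append((info.filename, reason))
    return findings

def build_sample():
    """Constructed archive: one real-looking PDF and three disguised files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("form.pdf", b"%PDF-1.4\n% constructed benign sample\n")
        zf.writestr("ACH_form.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("review.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("notes.pdf.scr", b"plain text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in scan_zip_attachment(build_sample()):
        print(name, "->", reason)
```

Password-protected archives raise an error in `zf.open`; a gateway would normally quarantine those rather than skip them.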