ACH is still the preferred bait for cybercriminals

Nov 10, 2011 19:21 GMT

ACH is once again the subject of a massive spam campaign that recently started landing in the inboxes of internet users.

MX Labs reports that it recently intercepted a large number of emails warning recipients that certain banks had not accepted a payroll payment or transfer.

“I regret to inform you that ACH payroll payment initiated by you or on your behalf was not accepted by Central Trust and Savings Bank,” reads a variant of the scam.

“ACH debit transfer created by you or on your behalf was hold by Yolo Community Bank,” others warn.

The bank's name and the stated problem vary from one message to the next; the names of Eldorado Bank and the Mechanics Bank are also abused in the hoax.

The one thing all the alerts have in common is a link that allegedly offers further details of the transaction.

Once the link is clicked, the browser is sent to rogue websites where the victim is immediately asked to download and install Adobe Flash Player. Naturally, the file is served directly by the rogue site rather than from Adobe's official download page.

The "update flash.exe" file drops a trojan that, at the time of the report, was detected by only 12 of the 43 antivirus engines on VirusTotal.

Once it has infected the machine, the malware, which Microsoft identifies as PWS:Win32/Zbot.gen!AF, attempts to connect to the IP address 64.252.17.231 on port 11760, most likely to report the new infection to its operator.
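The IP and port above are the one network indicator the report gives, and the practical use of such an indicator is to search outbound connection logs for it, since any internal host that even attempted the connection (allowed or blocked) is a likely infection. The script below is an added example, not code from the report or from MX Labs: it parses a generic, constructed firewall log format (the field names and the sample lines are assumptions), matches each record against the article's beacon address, and lists the internal hosts that tried to reach it.

```python
"""Find hosts that tried to reach the Zbot beacon address named in the report.

Added example, not part of the original article. The log line format and the
sample lines are constructed for illustration; the only values taken from the
report are the destination IP 64.252.17.231 and port 11760.
"""
import re
from collections import namedtuple

# Indicator quoted in the article: destination IP and port of the beacon.
BEACON_IOCS = {("64.252.17.231", 11760)}

# Constructed sample log (not real traffic). Assumed line format:
#   <timestamp> <ALLOW|DENY> src=<ip>:<port> dst=<ip>:<port> proto=<proto>
SAMPLE_LOG = """\
2011-11-10T19:20:01Z ALLOW src=10.0.0.25:49152 dst=93.184.216.34:443 proto=tcp
2011-11-10T19:20:03Z ALLOW src=10.0.0.31:49201 dst=64.252.17.231:11760 proto=tcp
2011-11-10T19:20:04Z ALLOW src=10.0.0.25:49153 dst=64.252.17.231:80 proto=tcp
2011-11-10T19:20:05Z DENY  src=10.0.0.40:49300 dst=64.252.17.231:11760 proto=tcp
this line is malformed and must be skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+"
    r"src=(?P<src_ip>[\d.]+):(?P<src_port>\d+)\s+"
    r"dst=(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)\s+"
    r"proto=(?P<proto>\w+)$"
)

Hit = namedtuple("Hit", "ts src_ip dst_ip dst_port action")


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def find_beacons(log_text, iocs=BEACON_IOCS):
    """Return every record whose destination (ip, port) is a known beacon address.

    Blocked (DENY) attempts are kept on purpose: the host still tried to call
    home, which is the evidence of infection; the firewall verdict only tells
    you whether the check-in succeeded.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines the parser cannot read rather than crash
        if (rec["dst_ip"], rec["dst_port"]) in iocs:
            hits.append(Hit(rec["ts"], rec["src_ip"], rec["dst_ip"],
                            rec["dst_port"], rec["action"]))
    return hits


def infected_hosts(hits):
    """Distinct internal source addresses that attempted the beacon, sorted."""
    return sorted({h.src_ip for h in hits})


if __name__ == "__main__":
    matches = find_beacons(SAMPLE_LOG)
    for h in matches:
        print(f"{h.ts} {h.action:5} {h.src_ip} -> {h.dst_ip}:{h.dst_port}")
    print("Hosts to isolate and re-image:", infected_hosts(infected := matches))
```

Note that the line going to 64.252.17.231 on port 80 is deliberately not matched, because the report only ties port 11760 to the beacon; in practice any contact with a known command-and-control IP is worth reviewing, so a broader rule keyed on the IP alone can be layered on top of this exact match.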

Users are advised to ignore emails warning of unsuccessful transactions or failed payments. Likewise, when a site offers an executable that claims to be an update for a popular application, the safest response is to close the browsing session immediately rather than run the file.

A good anti-virus product still helps: even when the threats carried by these messages are new, security vendors usually update their virus definitions quickly.