14 DAY TRIAL // A new ACH-themed spam campaign is making the rounds, experts warn. The malware-distributing emails are entitled “ACH failed due to system failure” and they purport to come from The ACH Network.
According to MX Lab experts, the fake notifications read something like this:
“ACH PAYMENT CANCELLED The ACH Transfer (ID: 87052955198926), recently submitted from your savings account (by you or any other person), was CANCELLED by other financial institution. Rejection Reason: See details in the acttached report. Transfer Report: report_87052955198926.pdf (Adobe Reader PDF) 13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 2014 NACHA – The Electronic Payments Association”
The zip file that’s attached to them is not a report, but a piece of malware that’s currently detected by 25 of the 51 antivirus engines on VirusTotal. The threat appears to be a Trojan downloader that’s designed to download other malware onto infected devices.
Another spam campaign that’s currently making the rounds leverages the reputation of RBS. Dymanoo’s Blog warns internauts of emails carrying the subject line “RE: Copy.” The emails only read “(Copy-01042014)” and they carry a file called “Copy-04012014.zip.” The archive hides malware.
In both spam runs, the malware is disguised as a .scr file.
Internet users are advised to be careful when reading their emails. Avoid opening suspicious attachments and refrain from clicking on shady links contained in unsolicited emails.