Spammers Exploit ACH’s Name within Fresh E-mail Scam

According to researchers at MXLabs the security company, an enormous malevolent spam campaign has once again targeted Automated Clearing House (ACH), with the e-mails landing inside Internet-users' mailboxes. Softpedia.com published this on November 10, 2011.

It maybe mentioned that Automated Clearing House, which is in USA, is one e-network that processes financial transactions.

Lately, MXLabs intercepted plentiful e-mails having captions such as "ACH payroll payment was not accepted by Central Trust and Savings Bank," "ACH debit transfer was hold by Yolo Community Bank," "Funds transfer was hold by our bank," "ACH debit transfer was hold by The Mechanics Bank," and "ACH Transfer was not accepted by Eldorado Bank."

The spam mails according to the security company, come from various ids that are spoofed. One of them, addressing the recipient formally tells him that Central Trust and Savings Bank didn't accept the payroll payment under ACH that he initiated or which someone representing him did.

Yet one more version of the spam mails tells the recipient that Yolo Community Bank held the ACH debit transfer that he or his representative created.

A common aspect about all these e-mails is that they've one web-link, which supposedly provides the transaction's additional details.

But when anyone clicks on it, his browser attempts at accessing malicious Internet sites that ask the user to instantly take down as well as install Adobe Flash Player. Expectedly, the sites rather than the actual download site of Adobe serve the update.

Unfortunately, the download given in a file name 'flash.exe,' produces one PC-Trojan, which merely 12 anti-virus engines of Virus Total's total 43 could detect.

Moreover, when any computer is infected with this Trojan, which Microsoft detected as PWS:Win32/Zbot.gen!AF, the malware attempts at making a connection with the Internet Protocol address 64.252.17.231 on the 11760 port, possibly for telling its controller that the target system has been compromised.

Thus, for lessening such malevolent spams, Internet-users have been suggested for avoiding the web-links that are sent in unsolicited e-mails. Additionally, users need to make sure that anti-virus programs installed on their systems are the latest, while all security updates too have been installed.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 11/17/2011