ACH Payment Canceled spam

A blast of new spam emails targeting computer users and attempting to infect them with a variant of a banking trojan has been discovered. The emails aim to achieve this by posing as ACH (Automated Clearing House) transfer failure notifications.

The spam emails carry one of the following subject lines:

-ACH payment canceled
-ACH payment rejected
-ACH transaction canceled
-ACH transfer canceled
-ACH transfer rejected
-Rejected ACH payment
-Rejected ACH transaction
-Rejected ACH transfer
-Your ACH transaction
-Your ACH transfer

Each email claims to be from “nacha.org”, the National Automated Clearing House Association, the people who handle electronic payments between banks.

The recorded email addresses are:

-ach@nacha.org
-admin@nacha.org
-alert@nacha.org
-alerts@nacha.org
-info@nacha.org
-payment@nacha.org
-payments@nacha.org
-risk@nacha.org
-risk_manager@nacha.org
-transactions@nacha.org
-transfers@nacha.org

The attached zip file contains the “report_10112011.pdf.exe” executable file, which is a banking trojan used to steal banking credentials from a victim (including confidential details such as username, password, credit card number etc.). By harvesting cookies and accessing other information, the criminals can extract a lot of personal information which can be used to enhance their chances of getting access to the victim’s online banking accounts.

If you come across such emails, do not open the attachments. Instead, delete them and keep your antivirus updated. Quick Heal detects the malicious attached file as Trojan.Genome.vpnbe. So our users are already protected.
We recommend that users do not open such attachments from any unknown emails.

Anand Yadav