An email purporting to be from NACHA, the Electronic Payments Association, is currently being fraudulently circulated to unsuspecting individuals and corporations. The email claims that a certain payment has been cancelled and then induces readers to download the attached ZIP file for details of said cancellation.
The mail typically looks like:
The attached ZIP file contains “report_082011-65.pdf.exe”, which has a PDF file icon. If a user opens the file, assuming it to be a PDF, the malicious file is executed and the machine is infected. Once installed, the malicious file may download ‘Zbot’ from remote servers; Zbot steals banking information by logging keystrokes.
The file “report_082011-65.pdf.exe” is detected by Quick Heal as TrojanDownloader.Chepvil.n.
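The double-extension disguise described above can be caught at a mail gateway or during triage by inspecting the archive's member names and leading bytes. The following is an added example, not Quick Heal's detection logic; the extension lists, function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative extension lists (assumptions, not exhaustive).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def disguised_executables(zip_bytes):
    """Return {member name: [reasons]} for members that pose as documents."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Use the base name only; Windows drops trailing dots and spaces.
            base = PurePosixPath(info.filename.replace("\\", "/")).name
            base = base.rstrip(". ").lower()
            # Strip padding inside the name, e.g. "x.pdf      .exe".
            exts = [s.strip() for s in PurePosixPath(base).suffixes]
            reasons = []
            if len(exts) >= 2 and exts[-1] in EXEC_EXTS and exts[-2] in DECOY_EXTS:
                reasons.append("double extension")
            with zf.open(info) as member:
                is_pe = member.read(2) == b"MZ"  # DOS/PE executable magic
            if is_pe and (not exts or exts[-1] not in EXEC_EXTS):
                reasons.append("executable content, non-executable name")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed test archive; member contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report_082011-65.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("statement.PDF      .scr", b"MZ" + b"\x00" * 62)
        zf.writestr("notes.pdf", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"plain text")
        zf.writestr("setup.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in disguised_executables(build_sample_zip()).items():
        print(f"{name}: {', '.join(reasons)}")
```

A plainly named executable such as setup.exe is deliberately not reported here; blocking executables in archives outright is a separate policy decision.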