Spam campaign targets payment transfer system
IDG News Service - A new spam campaign is targeting a financial transfer system that handles trillions of dollars in transactions annually and has proved to be a fertile target of late for online fraudsters.
The spam messages pretend to come from the National Automated Clearing House Association (NACHA), a U.S. nonprofit association that oversees the Automated Clearing House system (ACH).
ACH is a widely used but aging system used by financial institutions for exchanging details of direct deposits, checks and cash transfers made by businesses and individuals. In 2002, ACH was used for nearly 9 billion transactions worth more than $24.4 trillion.
Over the last few months, many businesses have lost money through ACH fraud, primarily when fraudsters obtain the authentication credentials required to transfer money. In many cases, significant portions of the fraudulent transfers are never recovered, and businesses are on the hook with their bank.
NACHA has no direct involvement in the processing of the payments, but spammers have nonetheless launched a spam campaign with messages purporting to be from the organization saying that an ACH payment has been rejected.
The spam messages have a link to a fake Web site that looks like NACHA's. The site asks the victim to download a PDF (portable document format) file, but it is actually an executable.
If launched, the executable will install Zbot, also known as Zeus, an advanced piece of banking malware that can harvest the authentication details required to initiate an ACH transaction, according to M86 Security. The spam campaign is coming from the Pushdo botnet, M86 said on its blog.
NACHA has put an advisory on its Web site, warning: "NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive."
There are a number of versions of the Zeus malware, which is periodically re-engineered in order to evade detection by antivirus software. As of Thursday, the version of Zeus being spammed was only detected by 16 of 41 antivirus suites, wrote Gary Warner, director of research in computer forensics at the University of Alabama's computer and information sciences department.
Antivirus software is the first line of defense against malware like Zeus. However, malware writers can modify the file in order to make it undetectable for a while until the security companies see a sample and create a signature for it. It may take a few days before different security suites can detect it. By that time, the money may be gone.
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
University of Alabama
Additional Resources



White Papers & Webcasts
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Best Practices for Log Monitoring
Watch Now!
US Military Command Prevents Zero Day Attack with Application Whitelisting
Download this Whitepaper Today!
Data in Action: Making the Planet Smarter
Register Now
Employee Web Use and Misuse
Download this new White Paper today!
The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.
Get More from Your IT Budget
Download this new white paper today!
Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

