Spam campaign targets payment transfer system
IDG News Service - A new spam campaign is targeting a financial transfer system that handles trillions of dollars in transactions annually and has proved to be a fertile target of late for online fraudsters.
The spam messages pretend to come from the National Automated Clearing House Association (NACHA), a U.S. nonprofit association that oversees the Automated Clearing House system (ACH).
ACH is a widely used but aging system used by financial institutions for exchanging details of direct deposits, checks and cash transfers made by businesses and individuals. In 2002, ACH was used for nearly 9 billion transactions worth more than $24.4 trillion.
Over the last few months, many businesses have lost money through ACH fraud, primarily when fraudsters obtain the authentication credentials required to transfer money. In many cases, significant portions of the fraudulent transfers are never recovered, and businesses are on the hook with their bank.
NACHA has no direct involvement in the processing of the payments, but spammers have nonetheless launched a spam campaign with messages purporting to be from the organization saying that an ACH payment has been rejected.
The spam messages have a link to a fake Web site that looks like NACHA's. The site asks the victim to download a PDF (portable document format) file, but it is actually an executable.
If launched, the executable will install Zbot, also known as Zeus, an advanced piece of banking malware that can harvest the authentication details required to initiate an ACH transaction, according to M86 Security. The spam campaign is coming from the Pushdo botnet, M86 said on its blog.
NACHA has put an advisory on its Web site, warning: "NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive."
There are a number of versions of the Zeus malware, which is periodically re-engineered in order to evade detection by antivirus software. As of Thursday, the version of Zeus being spammed was only detected by 16 of 41 antivirus suites, wrote Gary Warner, director of research in computer forensics at the University of Alabama's computer and information sciences department.
Antivirus software is the first line of defense against malware like Zeus. However, malware writers can modify the file in order to make it undetectable for a while until the security companies see a sample and create a signature for it. It may take a few days before different security suites can detect it. By that time, the money may be gone.
Reprinted with permission from
Story copyright 2009 International Data Group. All rights reserved.
University of Alabama
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
The Commercialization of ITIL: Lessons Learned
Register for this event today!
