Ranjeet Menon

NACHA – ACH Payment Cancelled Scam

September 5, 2011
Estimated reading time: 1 minute

An email purporting to be from NACHA, the Electronic Payments Association, is currently being fraudulently circulated to unsuspecting individuals and corporations. The email claims that a certain payment has been cancelled and then induces readers to download the attached ZIP file for details of said cancellation.

The mail typically looks like:

The attached zip file contains “report_082011-65.pdf.exe”, which has a PDF file icon. If a user tries to open the file assuming it to be a PDF file the malicious file gets executed and in turn the machine gets infected. Once the malicious file is installed it may download ‘Zbot’ from remote servers, which steals banking information by logging keystroke.

The file “report_082011-65.pdf.exe” is detected by Quick Heal as TrojanDownloader.Chepvil.n.

Have something to add to this story? Share it in the comments.

No Comments, Be The First!

Your email address will not be published.