Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Monday, November 16, 2009

Spam targets financial transfers

In more news linking bad webpages and spam, and in the wider fight against malware, viruses and hackers, a new spam attack targets a financial transfer system that handles trillions of dollars in transactions annually. Unsurprisingly, it turns out to be yet another case of fake emails.

The spam messages pretend to come from the National Automated Clearing House Association (NACHA), a U.S. nonprofit association that oversees the Automated Clearing House system (ACH). ACH is a widely used system that financial institutions rely on for exchanging details of direct deposits, checks and cash transfers.

It appears that in the last few months, numerous businesses have lost money through ACH fraud. The fraud happens when hackers obtain the authentication credentials required to transfer money. Although NACHA has no direct involvement in the processing of the payments, spammers have launched a campaign with messages that purport to be from the organization and say that an ACH payment has been rejected.

The spam messages have a link to a fake website that looks like NACHA's. The site asks the victim to download a PDF file, but it is actually an executable. If launched, the file will install Zbot, also known as Zeus, an advanced piece of banking malware that can harvest the authentication details required to initiate an ACH transaction.

NACHA has put an advisory on its website, warning: "NACHA does not send communications to individuals or organizations about individual ACH transactions that they originate or receive."

With this kind of sophisticated trickery, the question becomes: How do you stop it? For starters, make sure you publicize the scheme and keep ACH clients well trained to reject such emails even if they look real. And of course, make sure your proxy system is up to date with the latest anti-malware, URL database and real-time rating system.
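The download in this campaign is presented as a PDF but is really an executable, which a content-inspecting proxy can catch by comparing what a file claims to be with its leading bytes. The following Python code is an added example, not from the original post or from any proxy product; the function names, the verdict strings and the sample byte strings are constructed for illustration.

```python
import struct

# Constructed samples (headers only, no real malware or document content).
# Minimal PE: 'MZ', padding up to 0x3C, e_lfanew = 0x40, then 'PE\0\0'.
SAMPLE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< >>\nendobj\n"

def sniff_type(data: bytes) -> str:
    """Identify content from its bytes, ignoring filename and Content-Type."""
    # Check for a Windows executable first, so a file carrying both
    # signatures is still treated as an executable.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe-executable"
    # PDF readers accept some leading junk, so search the first 1024 bytes.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"

def claims_pdf(filename: str, content_type: str) -> bool:
    """True if the name or header presents the download as a PDF.
    The substring test also covers double extensions like 'x.pdf.exe'."""
    media_type = content_type.split(";")[0].strip().lower()
    return ".pdf" in filename.lower() or media_type == "application/pdf"

def verdict(filename: str, content_type: str, data: bytes) -> str:
    """Illustrative policy: block mismatches, send other executables to AV."""
    actual = sniff_type(data)
    if claims_pdf(filename, content_type) and actual != "pdf":
        return "block"   # presented as a PDF, but the bytes say otherwise
    if actual == "pe-executable":
        return "scan"    # honest executable: hand off to anti-malware
    return "allow"

if __name__ == "__main__":
    cases = [
        ("ach_report.pdf", "application/pdf", SAMPLE_PE),
        ("ach_report.pdf.exe", "application/octet-stream", SAMPLE_PE),
        ("statement.pdf", "application/pdf", SAMPLE_PDF),
        ("setup.exe", "application/octet-stream", SAMPLE_PE),
    ]
    for name, ctype, body in cases:
        print(f"{name:22} {ctype:26} -> {verdict(name, ctype, body)}")
```

A check like this complements, rather than replaces, the URL rating and anti-malware scanning mentioned above, since it only looks at file type consistency.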
