An email purporting to be from NACHA – The Electronic Payments Association is currently being fraudulently circulated to unsuspecting individuals and corporations. The mail claims that a certain payment has been cancelled and induces readers to download the attached ZIP file for details of the cancellation.
The mail typically looks like:
The attached ZIP file contains report_082011-65.pdf.exe, which has an icon resembling that of a PDF file. If a user opens the file assuming it is a PDF, the malicious file is executed and the machine is infected. Once the malicious file is installed, it may download Zbot from remote servers; Zbot steals banking information by logging keystrokes.
The file report_082011-65.pdf.exe is detected by Quick Heal as TrojanDownloader.Chepvil.n.
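A mail gateway or triage script can flag this lure from the names inside the attachment alone, without executing anything. The following is an added example, not part of the original advisory and not Quick Heal's detection logic; the extension lists and function names are assumptions, and the sample archive is constructed with placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them to local mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def suspicious_members(zip_bytes):
    """Return (member name, reason) for each risky file name in a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Keep only the file name; accept either path separator.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            # Windows ignores trailing dots and spaces, so drop them first.
            parts = PurePosixPath(name.rstrip(". ")).suffixes
            suffixes = [s.strip().lower() for s in parts]
            if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
                continue
            if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
                # Document extension followed by an executable one.
                findings.append((info.filename, "double-extension"))
            else:
                findings.append((info.filename, "executable"))
    return findings


def build_sample_zip():
    """Constructed sample: only the member names matter, content is inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("report_082011-65.pdf.exe", b"placeholder")
        archive.writestr("readme.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in suspicious_members(build_sample_zip()):
        print(f"{reason}: {member}")
```
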