The most prominent example of this month's malware-loaded spam wave impersonates the Automated Clearing House (ACH), a US-based financial service offered by NACHA, the electronic payments association. The message looks pretty convincing, as the spam samples we investigated have been tampered with to appear as if they had been sent from a @nacha.org e-mail account.
Attached to the message is a zip archive purportedly detailing the failed transaction, which the user is advised to review. However, the file inside bears a double extension (pdf.exe), so even if it looks like a PDF file, it is actually an executable file.
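A gateway-side check for the double-extension trick described above, as an added example that is not part of the original article. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed policy lists; extend them to match your own mail-filtering rules.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}


def double_extension_members(zip_bytes):
    """Return archive member names shaped like <name>.<decoy>.<executable>."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Keep only the file name, whichever path separator was used.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Windows drops trailing dots and spaces, so ignore them here too.
            base = base.rstrip(". ")
            # Strip padding around each part: "a.pdf      .exe" still counts.
            parts = [p.strip().lower() for p in base.split(".")]
            if (len(parts) >= 3
                    and parts[-1] in EXECUTABLE_EXTS
                    and parts[-2] in DECOY_EXTS):
                flagged.append(info.filename)
    return flagged


def build_sample_zip():
    """Build a constructed test archive in memory (no real malware involved)."""
    names = [
        "ACH_transaction_report.pdf.exe",  # the pattern from the article
        "readme.txt",                      # ordinary document
        "docs/invoice.PDF   .SCR",         # padded, mixed-case variant
        "backup.tar.gz",                   # legitimate double extension
        "setup.exe",                       # executable, but not disguised
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"constructed placeholder content")
    return buf.getvalue()


if __name__ == "__main__":
    for member in double_extension_members(build_sample_zip()):
        print("suspicious attachment member:", member)
```

The check only looks at names, so it flags the disguise rather than the payload; a plain `setup.exe` inside an archive needs a separate executable-attachment rule.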
If run, the malware installs a downloader, a malicious component designed solely to fetch other e-threats. In this case, the downloader fetches and installs a variant of the Zeus bot, as well as a spammer component known as Trojan.Generic.6152125. While the Zeus bot is instructed to monitor electronic financial transactions and username/password combinations for a variety of services, the spam bot is responsible for sending masses of unsolicited messages. The spammer combines promotional messages from affiliates (replica bags and knock-off luxury products or Canadian Pharmacy medicine) with its own “advertisements”: spam messages such as the one discussed here, sent in an attempt to recruit more spam mules around the world.
You’ll end up losing your money through credit card fraud. And, to add insult to injury, your infected PC starts doing the bad guys’ work.