NACHA Spam Strikes Again

 Analysis by: Jude Bordallo

Another wave of spammed messages pretending to be emails from NACHA (The Electronic Payments Association) is circulating. NACHA manages the development, administration, and governance of the Automated Clearing House (ACH) network. Other versions of spammed messages supposedly from NACHA contained links to fake NACHA sites. This time, the NACHA scam spam makes use of email attachments to spread malware.

The sample mail uses the NACHA domain to send the spammed messages. It tells the recipient that the 'transaction' done between them and NACHA is rejected, thus the need to verify the attachment for the report. The attachment is disguised as a document with the extension .PDF.EXE enclosed in a .RAR file. However, said document is the actual malware.

It might seem tempting to open messages pertaining to financial matters but users should be wary of opening any suspicious-sounding messages. Users should first verify the emails with the purported senders before opening any email.

 SPAM BLOCKING DATE / TIME: August 24, 2011 GMT-8
  • ENGINE:6.8
  • PATTERN:8342