After a short pause, the failed/cancelled ACH transaction spam is hitting inboxes again. 200,000 of these types of emails had been intercepted by yesterday. The 7-digit number in the subject line changes randomly from email to email, but the embedded link is always the same, say security researchers.
If a user clicks on the email they will be taken through a number of redirections to a malicious web page hosting the ‘BlackHole’ exploit kit which will aim to deliver the Zbot payload. Zbot steals confidential information and opens a back door port to the infected system. VirusTotal reports that 29 from 43 AV solutions currently detection and remediate the malicious files. Update 09/28/11 – the web page hosting the malicious payload has been taken down.Comments
Please keep in mind that comments are moderated and
rel="nofollow" is in use. So, please do not use a spammy keyword or a domain as your name, or it will be deleted. Let us have a personal and meaningful conversation instead.
You must be logged in to post a comment.