In what is seemingly a daily occurrence, yet another Zbot-flavoured campaign is being spammed out by the usual suspect - the Pushdo (aka Cutwail) botnet.
This time the template is NACHA, the Electronic Payments Association, a body that oversees the Automated Clearing House (ACH) Network payment system. The spammed emails look like this:
As you can see from the image, the domains being used are random-looking strings with nacha.org prepended. Clicking on one of these links will take you through to a fake NACHA landing page, complete with a link to a "transaction report" with an .exe extension - an extra clue just in case you were not already suspicious. But in an attempt to make the .exe file look legitimate, the authors have specified that it is a "self-extracting, pdf format".
The exe file, of course, is Zbot, and the campaign is just another in a long string of campaigns that we have reported on recently, including IRS, Facebook, MySpace, Microsoft Updates and others. The interesting thing about this campaign is its wide appeal. Anyone who has made an electronic payment of any sort might be curious or concerned about this email, as opposed to a typical phishing campaign, which targets a specific financial institution. So the campaign authors are looking for the biggest bang for their buck, or perhaps your bucks if they are successful in installing Zbot on your computer.
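
A defensive check for the lure described above, added here as an example and not part of the original post: it flags links whose hostname starts with nacha.org but is registered under another domain, and links whose path ends in .exe. The function names, reason labels and sample message (with hosts under the reserved .example TLD) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BRAND = "nacha.org"  # the legitimate domain the lure imitates
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def classify_url(url, brand=BRAND):
    """Return the reasons (possibly none) a link matches this lure."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. broken IPv6 brackets
        return ["unparseable"]
    reasons = []
    labels, want = host.split("."), brand.split(".")
    genuine = host == brand or host.endswith("." + brand)
    if not genuine:
        # Brand labels appear inside the hostname but not as its tail,
        # so the registered domain belongs to someone else.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                reasons.append("brand-as-subdomain")
                break
    if parts.path.lower().endswith(".exe"):
        reasons.append("exe-download")
    return reasons


def scan_message(body):
    """Map each suspicious URL in a message body to its reasons."""
    hits = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,)")
        reasons = classify_url(url)
        if reasons:
            hits[url] = reasons
    return hits


# Constructed sample message; hosts use the reserved .example TLD.
SAMPLE = """\
Your ACH transaction was rejected. Details:
http://nacha.org.xkqzwv.example/report.php?id=1234
Report: http://nacha.org.xkqzwv.example/transaction_report.pdf.exe
About us: https://www.nacha.org/about
"""

if __name__ == "__main__":
    for url, reasons in scan_message(SAMPLE).items():
        print(url, reasons)
```

The check compares whole DNS labels, so a host such as mynacha.org is not treated as the brand-as-subdomain pattern.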