The spam filters have been busy over the last couple of days, with a number of Emails with the title of ACH NOTIFICATION and ACH Payment [Number] Rejected. In each case the email contains an attachment purporting to be a self extracting PDF file.
Of course, on closer examination the supposed self extracting PDF file is a malware down-loader, no doubt ready and waiting to connect you to one or more bot nets. This is a common scenario with a spammed-out trojan down-loader triggering the execution of multiple pieces of malware on the unwitting user’s computer. In this case, Sophos anti virus detects the file and identifies it as Mal/BredoZp-B. For a detailed analysis of the activities of the spam payload, see the article on the ACH spam campaign by M86 security labs via the link below.
Automated Clearing House (ACH) is an electronic network for financial transactions in the United States. As usual with this type of spam and associated malware, ACH have no connection with the email, so there is little point in blocking the sender’s address, in our case ach.01 at nacha.org.
Once again our advice is that you should not open any unexpected emails, or unsolicited attachments, as in this case it will attempt to infect your Windows computer. Just press delete and double check that your anti-virus software is up to date.
Resources relating to ACH Spam With Malware Attachment: