NACHA payment rejected – malware (not phishing)

Last week we reported on a large outbreak of emails informing recipients of rejected IRS payments. The IRS theme has now been replaced with NACHA-themed emails that contain virtually identical content – including links to malware executables that are presented as “self-extracting” PDF files. NACHA manages the development, administration, and governance of the ACH Network, which provides for the interbank clearing of electronic payments for participating depository financial institutions.

While researching this attack and the IRS-themed attack, it has become apparent that some blogs and security information sources (as well as warnings on the sites themselves) are grouping these attacks with phishing attacks that targeted these organizations in the past. We hope it is clear that the attacks of the past week are not phishing attacks, but rather malware attacks that have a much broader threat potential than phishing aimed at a particular organization.