Fraudulent emails regarding failed direct deposits

December, 2011
A new malware attack is luring victims by using web-based exploits to perform a 'drive-by' malware download under the guise of an electronic money transfer.  The attackers make use of Google's goo.gl link-shortening service to hide the location of the attack site.  The attacks claim to originate from the 'Electronic Payments Association' or ‘NACHA’ and notify potential victims of a failed direct deposit attempt, outdated software, or ID/password issues. Clicking on the link included with the message redirects to a site which attempts to perform a number of exploits using vulnerabilities in Flash and Java.