Aug 12, 2011 09:58 GMT

Researchers from email security vendor AppRiver warn of new email spam campaigns that generate fake communications from the Internal Revenue Service, the Board of Governors of the Federal Reserve and the Electronic Payments Association (NACHA).

The rogue emails use different tricks to lure users to links that distribute a version of the notorious ZeuS banking trojan, usually masked as a PDF file.

The fake IRS emails, which, according to AppRiver, account for the majority of the recent ZeuS spam, bear the subject "Unreported/Underreported Income."

The messages encourage recipients to download a tax statement. The malicious files are hosted on multiple domains including irs-report-file.com, irs-tax-reports.com, federal-taxes.us, irs-alerts-report.com, and files-irs-pdf.com.

The file names vary depending on the domain used. Some of the IRS-related files have names like your-tax-report.pdf.exe, 00000700955060US.pdf.exe, tax_00077034772.pdf.exe or 3029230818209.pdf.exe.

Spam emails posing as notifications from the Federal Reserve claim that an outgoing wire transfer was not processed by an intermediary bank and ask recipients to view the transaction report.

The NACHA messages similarly claim that a transaction did not complete successfully and offer a report for download. In both cases the files have a .pdf.exe extension.
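
As an added illustration (not code from AppRiver or the original article), the Python below flags links in a message body whose target file name hides an executable extension behind a document one, the .pdf.exe pattern described above. The example.test host, the extension lists and the sample message are constructed assumptions; the file names are the ones quoted in the article.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed lists: types Windows runs directly, and document types used as the decoy.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "zip"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def deceptive_name(filename):
    """True if the name ends in an executable extension preceded by a decoy one."""
    # Windows ignores trailing dots and spaces in file names, so drop them first.
    name = filename.strip().rstrip(". ").lower()
    # Strip each part so padding such as "report.pdf     .exe" is still caught.
    exts = [part.strip() for part in name.split(".")[1:]]
    return len(exts) >= 2 and exts[-1] in EXECUTABLE and exts[-2] in DECOY

def flag_links(body):
    """Return (url, filename) for each link in body that points at a deceptive name."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")  # punctuation that follows a link in running text
        # Decode percent-escapes so "%2Epdf.exe" cannot slip past the check.
        path = unquote(urlsplit(url).path)
        filename = path.rsplit("/", 1)[-1]
        if filename and deceptive_name(filename):
            hits.append((url, filename))
    return hits

# Constructed sample message body; host and paths are placeholders.
SAMPLE = """Your Federal Tax report is available:
http://example.test/reports/your-tax-report.pdf.exe
Mirror: http://example.test/dl/tax_00077034772%2Epdf.EXE.
Form instructions: http://example.test/forms/instructions.pdf
Viewer: http://example.test/tools/setup.exe
"""

if __name__ == "__main__":
    for url, name in flag_links(SAMPLE):
        print(f"deceptive double extension: {name}  <- {url}")
```

Only the first two links in the sample are flagged: a plain .pdf or a plain .exe does not match, because the check looks for the decoy-plus-executable pair.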

According to a recent report from security vendor Trusteer, the distribution of ZeuS has spiked in recent months after the malware's source code started to be freely distributed on underground forums.

The company claims that ZeuS infections outnumber those of its biggest rival, SpyEye, four to one. The banking trojan remains the most serious threat to financial institutions and their customers.

All of the organizations spoofed in these recent spam campaigns observed by AppRiver have been targeted in a similar manner in the past. Users are advised against clicking on links in unsolicited emails, and are encouraged to verify any such claims over the phone with the corresponding institutions. Scanning all downloaded files with one or multiple antivirus programs before opening them is also recommended.