Softpedia
 

February 16th, 2011, 11:59 GMT · By

Dangerous IRS Spam Run in Circulation


Fake federal tax payment email notifications carry Zeus
Security researchers from email security provider AppRiver warn of a new IRS-themed spam campaign that takes advantage of the tax filing period to distribute a variant of the infamous ZeuS banking trojan.

The rogue emails bear a subject of "Your Federal Tax Payment Notice sn#######" (where # is a digit) and have forged headers to appear as if they originate from an IRS address.

The message within advises recipients that their tax return filing was rejected by the Electronic Federal Tax Payment System (EFTPS) and asks them to correct the error.

"Urgent Report! Your Federal Tax Payment ID: ########## has been rejected. Return Reason Code R21 - The identification number used in the Company Identification Field is not valid.

"Please, check the attached information and refer to Code R21 to get details about your company payment in transaction contacts section," the message reads.

The attached file is called IRS-TAX-Notification-printing-form-SN########.zip and contains a variant of the ZeuS crimware that has a very low detection rate on VirusTotal.

It's pretty clear from the message that whoever is behind this spam run is targeting companies, and ZeuS has a long track record of helping fraudsters steal money from organizations.

According to AppRiver security researcher Troy Gill, the fake emails are not only well crafted, but also very well timed.

"Every individual claiming certain deductions and using tax software to e-file their return would have had their tax return held by the tax preparation company [...] until Feb. 14th, then sent automatically [...].

"Most of these individuals would have received an email yesterday stating that their tax return has been 'sent' to the IRS and that they would receive another email confirmation once the return had been 'accepted'," the security expert explains.

Of course, these emails should come from the tax preparation company and not from the IRS. In addition, this "code R21" trick has been used in malware distribution campaigns so hopefully some people are already aware of it.
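
The indicators described in this article (subject line, attachment name and the "Code R21" body text) can be turned into a mail-triage check. The following is an added example, not code from AppRiver or Softpedia; the loose digit counts, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Patterns follow the article's masks ("#" is a digit). Digit counts are kept
# loose on purpose: treating the masks as exact lengths would be an assumption.
SUBJECT_RE = re.compile(r"Your Federal Tax Payment Notice sn\d{5,12}\b", re.I)
ATTACH_RE = re.compile(r"^IRS-TAX-Notification-printing-form-SN\d{5,12}\.zip$", re.I)
BODY_RE = re.compile(r"Return Reason Code R21\b", re.I)

def campaign_indicators(raw: str) -> list:
    """Return the sorted names of the campaign indicators found in a raw message."""
    msg = message_from_string(raw)
    hits = set()
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Any MIME part carrying a filename is treated as an attachment.
            if ATTACH_RE.search(name.strip()):
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            # decode=True undoes base64/quoted-printable before matching.
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if BODY_RE.search(text):
                hits.add("body")
    return sorted(hits)

def build_sample(subject, body, attachment=None) -> str:
    """Construct a test message (hypothetical helper; every value is made up)."""
    m = EmailMessage()
    m["From"] = "notice@irs.example"
    m["To"] = "accounts@company.example"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder, not a real archive",
                         maintype="application", subtype="zip", filename=attachment)
    return m.as_string()

SPAM = build_sample("Your Federal Tax Payment Notice sn1234567",
                    "Your Federal Tax Payment ID: 0123456789 has been rejected.\n"
                    "Return Reason Code R21\n",
                    "IRS-TAX-Notification-printing-form-SN12345678.zip")
BENIGN = build_sample("Your tax return has been sent to the IRS",
                      "You will receive another email once it has been accepted.\n")

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("benign", BENIGN)):
        print(label, campaign_indicators(raw))
```

A single indicator, such as the R21 text alone, is weak evidence on its own; the subject and attachment name together are the stronger signal for quarantine rules.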


