
Australian Taxtime Used by Online Criminals to Infect Computers with Trojans

Up to 1 percent of approximately one million spam messages sent worldwide are now directed at Australians as they rush to file tax papers.

According to Bitdefender data, over the past month, cyber criminals initiated three separate spam campaigns impersonating the Australian Taxation Office in an attempt to infect the country’s citizens as Australia entered the tax season.

The above graphic shows the three consecutive spam campaigns. The first attack registered approximately 6,000 incidents on July 15th, followed by a second wave of some 4,000 spam e-mails on July 23rd. The third hit was also the campaign peak and occurred on the 6th of August, when circa 10,000 spam e-mails were aimed at Australians. Outbreaks of this sort are expected to grow heavier and more targeted as tax time approaches its October deadline.

Attackers hope their targets are too concerned with their financial duties to double check the sender’s address and discover the con.

The bogus e-mails use slight variations of the following body message: “TAX REFUND NOTIFICATION. After the last calculation of your fiscal activity we have determined that you are eligible to receive a refund of 6441.80 AUD.” Invariably, it instructs the recipients to open the attachment.
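An added example (not from the original article or from Bitdefender): a minimal mail-filter heuristic for the lure described above. It flags a sender domain that does not match the impersonated brand, the refund wording with any amount, and the presence of an attachment. The `ato.gov.au` domain, the indicator names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: genuine ATO mail comes from ato.gov.au or a subdomain of it.
LEGIT_DOMAIN = "ato.gov.au"
BRAND = re.compile(r"australian taxation office|\bATO\b", re.I)
# Tolerates the "slight variations": any amount, flexible whitespace.
LURE = re.compile(r"tax\s+refund\s+notification|"
                  r"eligible\s+to\s+receive\s+a\s+refund\s+of\s+[\d.,]+\s*AUD", re.I)

def indicators(raw):
    """Return the indicators tripped by one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    parts = list(msg.walk())
    body = " ".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts
        if p.get_content_type() == "text/plain" and not p.get_filename())
    hits = []
    claims_ato = BRAND.search(" ".join((display, subject, body)))
    from_ato = domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN)
    if claims_ato and not from_ato:
        hits.append("brand_sender_mismatch")
    if LURE.search(subject + " " + body):
        hits.append("refund_lure")
    if any(p.get_filename() for p in parts):
        hits.append("has_attachment")
    return hits

# Constructed sample, not a captured e-mail; the sender domain is a placeholder.
PHISH = """From: "Australian Taxation Office" <refunds@tax-office.example>
Subject: Tax refund
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

TAX REFUND NOTIFICATION. You are eligible to receive a refund of 6441.80 AUD.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="refund.zip"

(attachment bytes omitted)
--b1--
"""
print(indicators(PHISH))
```

A filter would typically quarantine on `refund_lure` combined with either of the other two indicators rather than on any single one.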

Once opened, the attachments compromise the recipients’ systems with malware that steals passwords and login data for their money accounts.

For each of the three short-lived but aggressive spam campaigns, scammers attached three variants of Trojans from the notorious Fareit family.

These Trojans steal passwords from the infected system, connect to a command and control center to which they send the identification data of the compromised machine, and download further malicious pieces, among them the banking malware ZeuS. Sometimes they also take part in distributed denial of service attacks.

The malicious messages were sent from servers located in the United States and UK, but also in Mexico, Israel, Japan, the Philippines, Hong Kong, Kazakhstan and Canada.

Spammers also use the names of reputable Australian banks, including CitiBank, Commonwealth Bank, Bank of Melbourne, and National Australian Bank, to lure users with dangerous links and malicious attachments and infect their systems with malware.

Unfortunately, users continue to fall for the oldest trick in the spam book: they click links or open attachments that infect their machines with money-stealing Trojans, or they fill in fake forms and give away sensitive identification or card data to perfect strangers who can later impersonate them in fraudulent acts.

This article is based on the spam samples and the technical information provided courtesy of Adrian MIRON, Bitdefender Spam Researcher; and Cristina VATAMANU & Alexandru MAXIMCIUC, Bitdefender Virus Analysts.


About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.