1 min read

Fake IRS Notice of Underreported Income

Răzvan LIVINTZ

September 19, 2009

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Fake IRS Notice of Underreported Income

September 15th US taxpayers should file their
2008 tax return, an event that did not escape unnoticed by cybercriminals, who
began another malicious offensive with a medium spam wave. The spam message
used as bait requires the taxpayers to review their unreported or underreported
income statement, providing them with an alleged customized link towards the
IRS Web site.

Fake IRS Form

The link does not lead to the agency portal, but to a Web
page (registered on an .eu domain) that
mimics an on-line form, employing several visual identification components of
the original IRS Web site (namely the logo and the general formatting elements).

fake irs form

The page also provides a link of a purported tax statement
that the user should download and execute. However, upon clicking the user does
not download an e-form, but receives a malicious payload that BitDefender
detects as Trojan.Generic.2436384, which is, in effect, another version of the
infamous ZBot.

This long-lasting Trojan has rootkit components that help
him to install and hide itself on the compromised machines either in the
Windows or Program Files directory. It injects code in several processes and
adds exceptions to the Microsoft

tags


Author


Răzvan LIVINTZ

I rediscovered "all that technical jazz" with the E-Threat Analysis Team at Bitdefender, the creator of one of the industry's most effective lines of internationally certified security software.

View all posts

You might also like

Bookmarks


loader