Spam Attacks Rise This Tax Season
As the tax deadline in United States draws closer, cyber criminals are waging increasing number of spam attacks with the theme of tax in their messages, warn researchers at Symantec. In the newly documented attacks, the tax period is used as a means to entice computer users into loading malware onto their systems, as reported by Vnunet on March 18, 2008.
Kelly Conley, Security Researcher, Symantec, said that the company recently observed certain new kinds of spam in connection with the tax season. The spam appeared to be malicious as they direct users to download files that contained a virus, as reported by Vnunet on March 18, 2008.
In fact, one particular attack directly imitates the US's IRS (Internal Revenue Service). In that attack, the user is delivered e-mail apparently from an IRS address.
The message addresses the taxpayer saying that as per the new requirements of the IRS, all citizens of US are being required to update their PCs with the new tax-related software. For that the user needs to visit irs.gov/softwareupdate and then click "Open" etc., continues the message.
As the user follows the instructions, he is directed to an apparently official IRS page. But, the page is deceptive as it leads to another page from where a Trojan program is installed onto the user's system. All this happens because the user trusts the software to be real.
Symantec researchers also uncovered another type of attack that mimics the TurboTax tax preparation software. This message too tells the unsuspecting user to update his software as part of a newly introduced law. The potential victim is then taken to a phony TurboTax update Web page, which results in a Trojan download.
Researchers pointed out that one can detect the malicious attack by looking for the sender's exclusive "turbotax.cn" domain and a suspicious looking address pointing to a malware download page.
Therefore, Symantec researchers are suggesting vigilance on the part of taxpayers during the tax period as hackers could be attacking to spread viruses and steal people's personal information. Also, computer users should not download anything unless they are sure. Further, they should update their security software to combat viruses.
Related article: Spam Scam Bags a Scottish Connection
» SPAMfighter News - 29-03-2008