Cutwail Botnet Used for New Spam Campaign Spoofing IRS
The MX Logic security software group at McAfee has discovered a new spam campaign which, while being pushed from the Cutwail botnet, uses the initials IRS to victimize as many unsuspecting e-mail recipients as possible.
The hoax message, sent at a rate of 90,000 e-mails per hour, apparently originates from firstname.lastname@example.org and attempts to convince users that the IRS has misreported information on their income tax returns. In addition, the e-mail recommends that recipients reply to it as an opportunity to get their returns rectified.
Furthermore, a web link within the unsolicited e-mail pretends to let recipients view their current tax return information online. While the link isn't crafted to infect the user's system straight away, it diverts the user to a malicious website that delivers malware.
The malicious website serves an application named "tax_statement.exe" which, if downloaded, infects the system. The infected system is subsequently added to an army of other infected systems interconnected into a botnet made to spew spam.
Meanwhile, Sam Masiello, vice-president of information security at MX Logic, said that the e-mails tried to lure recipients into taking action before they could stop to think. SCMagazineUS.com published this on September 20, 2009.
The vice-president further said that the e-mails did not target specific business persons, as spear phishing schemes do.
Moreover, an IRS spokeswoman stated that the agency knew about the scam and asked recipients to forward the spoofed e-mails to email@example.com.
She also said that the agency urged people to be wary of e-mails posing as messages from the IRS, and reminded them that the IRS never sends unsolicited e-mails or seeks financial or other personal information via e-mail.
Furthermore, in July 2009, a report from TRACELabs stated that 75% of all spam worldwide originated from merely five botnets. Rustock was the largest botnet, distributing a good 40% of total worldwide spam, and Cutwail was the next biggest botnet distributing spam on the Internet.
» SPAMfighter News - 01-10-2009