Computer Forensics - Bogus IRS Notices Contribute 10% of Spam

Gary Warner, Director of Research in Computer Forensics, the University of Alabama (Birmingham), warned that nearly 10% of total spam messages presently circulating on the Internet are fake IRS notices, as reported by Tech Journal South on September 28, 2009.

The Department of Homeland Security's Computer Emergency Readiness Team (US) also warned that Internet users should take guard against convincing e-mail virus scam that befool them (users) by saying that it came from the IRS auditors.

Researchers at the University of Alabama applauded the steps of issuing alert about the threat by the high profile government agency. This is quite important at a time when a large number of businesses falling to these alluring messages.

First spotted on September 9, 2009, the spam messages generally contain a subject line - "Notice of Underreported Income." They encourage recipients to download attachment which is actually a Trojan that takes user to a website capable of installing malicious software on their computer.

Analysis of the campaign reveals that it is a variant of the Zeus Trojan that penetrates into bank accounts. In fact, the detection of Zeus Trojan is a nail biting task as it easily bypasses some antivirus programs. According to some reports, small businesses have seen the worst hit from it.

Researchers state that the scam is pilfering over $1 Million every day from victims' accounts and the campaign is showing no sign of retarding. Another anti-spam vendor 'Cloudmark' confirms the report by saying that over 11 Million messages have hit inboxes of its 2 Million customers.

Landfill Service Corp., a New York-based company that deals in solid waste, has recently become victim of the scam. In the third week of September 2009, the company discovered that cyber criminals had used the Zeus Trojan to steal the company's Internet banking credentials. All this happened following the transfer of $150,000 from online account of the company in a series installments of sub-$10,000 to 20 conspirators, money mules around the country hired in job scams.

Landfills President said that the company had recovered some of the funds though it might loss at least $92,000 from the incident. Meanwhile, the IRS warned to avoid clicking on attachments and following links provided in the e-mails claiming to have come from the agency.

Related article: Computer Virus Writers Adopt New Strategy

» SPAMfighter News - 10/16/2009