Targeted Irs E-Mail Scam Chooses Organizations

ESoft, the security company is warning consumers to remain vigilant of an ongoing phishing scam. Appearing similar to the ordinary Internal Revenue Service e-mail scam, the recent malicious campaign, however, has a fresh twist. It distributes targeted e-mails among organizations, informing the recipient that certain complaint related to tax evasion has been lodged against the organization.

Explains Patrick Walsh CTO of eSoft, if any user opens a given attachment in the scam e-mail, then his system will be infected with a malicious Trojan. InfoSecurity reported this on February 8, 2010.

Apparently, users feel inclined towards viewing the e-mail because it contains an attached document named "balance report." Being a Microsoft Word file, the attachment gains the trust of most users, who move ahead to click on it for more information.

But, the file in reality uses the Rich Text Format and has an obfuscated executable. When clicked, a message appears that there was an error so the user must click again for starting the Word program. However, when the user does so, it results in the malicious executable's installation on his system.

Consequently, there begins to run two processes, which are appended to Windows startup for running whenever the system boots. According to eSoft, these processes transmit stored data from the computer to the remote hacker with the help of HTTP connections.

Since the attack is malicious, Walsh suggests end-users to exercise caution while handling supposed warnings or reminders apparently from the IRS.

Meanwhile, IRS again repeated that it wouldn't ever contact its users through electronic mails. Consequently, it tells both individuals and organizations that if an e-mail comes to them stating it's from IRS alternatively takes them onto an IRS website then they must avoid clicking it at the very outset.

Secondly, users mustn't click on any unknown attachment since it may have malware. Also, they must forward the e-mail to IRS and then delete it. Affected entities can as well use IRS' toll-free numbers to notify the phishing fraud.

Lastly, organizations already affected with the e-mail scam should scan their computers with anti-virus software so that the infection doesn't spread further.

Related article: TRUSTe Certified Websites May Still Contain Malware

» SPAMfighter News - 2/18/2010