Malware Purveyors Launch Fresh IRS-Related E-Mail Scam
Researchers at security company Trend Micro warn that bogus IRS (Internal Revenue Service) e-mails are circulating online, posing as messages from "Payment IRS.gov" and infecting recipients' computers with malware.
Bearing the caption "Internal Revenue Service United States Department of the Treasury," the malicious e-mail tells the recipient that he has committed tax fraud and should review his tax statement by following a given web-link to the IRS site. When the user follows the web-link, however, he is prompted to download a newly launched LICAT variant, which Trend Micro identified as TSPY_ZBOT.WHZ.
Like any LICAT sample, TSPY_ZBOT.WHZ generates web addresses using a computation based on the current date. The Trojan connects to these addresses so that it can download its configuration file. The file reportedly contains information about the websites the Trojan will monitor and the website to which it will send all stolen information. The malware also appears to focus on the standard ZBot activities, which include stealing data and attempting to evade detection by anti-virus software.
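Because the addresses are derived from the date, a defender who has the family's algorithm can precompute each day's candidates and match them against DNS logs. The sketch below is an added example, not code from Trend Micro or the original article: `candidate_domains` is a hypothetical stand-in generator (not LICAT's algorithm), and the log format, host addresses and `.example` names are constructed.

```python
import hashlib
from datetime import date, timedelta

def candidate_domains(day, count=20, tld=".example"):
    """Stand-in generator (assumption): NOT the LICAT algorithm. A real
    deployment would plug in the routine recovered by malware analysts."""
    return [hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()[:12] + tld
            for i in range(count)]

def blocklist_for(day, skew_days=1, count=20):
    """Map each candidate name to the date it was generated for. The window
    covers day +/- skew_days because an infected host's clock or time zone
    may not match the sensor's."""
    table = {}
    for offset in range(-skew_days, skew_days + 1):
        generated_for = day + timedelta(days=offset)
        for name in candidate_domains(generated_for, count):
            table[name] = generated_for
    return table

def match_dns_log(lines, table):
    """Return (client, domain, generated_for) for every query that hits the
    table. Expected line format (constructed): '<timestamp> <client> <qname>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        _timestamp, client, qname = parts
        qname = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if qname in table:
            hits.append((client, qname, table[qname]))
    return hits

# Constructed sample data: one benign query, one hit for today, one hit from a
# host whose clock is a day behind, one stale name outside the window.
TODAY = date(2011, 7, 27)
SAMPLE_LOG = [
    "2011-07-27T09:00:01 10.0.0.5 www.irs.gov.",
    f"2011-07-27T09:00:02 10.0.0.7 {candidate_domains(TODAY)[3].upper()}.",
    f"2011-07-27T09:00:03 10.0.0.9 {candidate_domains(TODAY - timedelta(days=1))[0]}",
    f"2011-07-27T09:00:04 10.0.0.9 {candidate_domains(TODAY - timedelta(days=5))[0]}",
    "malformed line",
]

if __name__ == "__main__":
    for client, domain, generated_for in match_dns_log(SAMPLE_LOG, blocklist_for(TODAY)):
        print(f"{client} queried {domain} (candidate for {generated_for})")
```

Hosts that match are candidates for isolation and credential resets, since the configuration download is the step that tells the Trojan which sites to watch.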
Unfortunately, the LICAT malware that security researchers have found on the Web is unlikely to be the last sample detected.
Roland dela Paz, an engineer at Trend Micro, said that since the leak of the Zeus source code, the company had been observing persistent malicious activity from the LICAT gang, also called the ZeuS 220.127.116.11 Gang. So far the gang had managed to work with the leaked source code and keep it up to date. The con artists responsible for such operations therefore definitely needed monitoring, as they could not be expected to leave the cyber-crime scene in the near future, Roland remarked. Blog.trendmicro.com published this on July 27, 2011.
Finally, to reduce such attacks, researchers recommend that end-users not follow any web-link that arrives in an inbound e-mail, since it might lead to malicious software as in the instance described above. Furthermore, they should forward such suspicious messages to firstname.lastname@example.org, the IRS's e-mail address, before deleting them permanently.
» SPAMfighter News - 08-08-2011