Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Bogus Intuit E-mail Leading towards Malicious Load

Several spam e-mails claiming to be coming from Intuit, the company that manufactures QuickBooks book-keeping software, are spreading across the US, according to security firm SophosLabs. The message informs the receivers that Intuit wants to confirm their particulars including name and tax identification number (TIN) as the information stored by it is dissimilar to the data provided by the Internal Revenue Service (IRS).

The e-mail is sent from the address update@intuit.com or security@intuit.com, and contains subject lines like "verify your tax information ASAP," or "Tax information needed within 30 Days", as published in infosecurity on February 7, 2012. The message affirms the fact that Intuit maintains truthful information on its systems. It has participated in the IRS Name and TIN matching program, but due to some reasons, the information specified in its account is not the same as provided by the IRS. The message also includes the link to "check and verify" data.

People who had clicked on such a link were moved to an internet page which included JavaScript representative of websites grimy with Blackhole exploit kit. Chester Wisniewski of SophosLabs says that this attempt could bring in a malevolent load, including fake anti-virus or scareware. Suspecting that this might be worse than a phishing attack, Intuit has advised its customers to avoid such mails.

Conspicuously, the BlackHole exploit kit is a dominant piece of malicious software introduced by the same group as the Zeus financial trojan. Priced at US$ 1,500 for 12 months, it initially appeared in the Q3, 2010. But, later on during May 2011, the malware was started to be offered free-of-charge.

Internet users have been recommended to avoid interacting with such distrustful electronic messages. It helps to make sure that the host is free from susceptibilities as it is usually exploited by cyber malicious software exploitation kits.

The IRS further conceded that personal information from the customers is never requested through personal e-mails. Moreover, such messages are always better to be ignored and deleted. Nevertheless, it is of utmost importance for customers to vide with any legal notice from the IRS that intimates about the existence of more than one tax return being filed in the name of an individual for there could be someone else stealing the user's good name.

Related article: Bugs Swell In Browsers in 2006

» SPAMfighter News - 2/15/2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page