Webroot Detects Tax-Themed Scam Messages Masquerading as IRS Online
Security researchers from the security company Webroot have detected fake e-mails purporting to be from the Internal Revenue Service (IRS) of the United States. The messages tell recipients all over the globe that the tax-collecting agency has annulled their returns and try to make them click on a harmful web-link.
Although people living outside the USA aren't likely to believe the fraudulent messages, for obvious reasons, a few American citizens may become anxious on reading them and click on the web-link, which leads to a fake page titled "Page loading..." that is hosted on various hijacked websites.
The redirection to the fake pages is done via JavaScript, and the pages deliver an attack toolkit, namely BlackHole. Unfortunately, only 8 of the 41 anti-virus engines on VirusTotal currently detect this JavaScript.
Fortunately, on the other hand, after the toolkit exploits either of the two software vulnerabilities it targets, at least 50 percent of those engines are able to detect the assortment of malicious programs, the Cridex Trojan included, that are installed on the affected computer.
Once executed, the malicious programs phone home to a specific IP address. Webroot says that this IP address, 220.127.116.11, is the same one associated with a few recently profiled malware-laced spam campaigns in which the related domains were malicious.
Worryingly, it is malicious spam campaigns of this kind that are driving an increase in malware online, remark the researchers at Webroot. Their statement is backed by Symantec, another security company, whose 'Symantec Intelligence Report for July 2012' reveals a 26.5 percent rate of virus-laced e-mails with web-links leading to harmful sites during the month, 1.5 percent more than in June 2012.
Finally, in a similar spam attack exploiting the IRS's name in February 2012, Symantec's security researchers came across numerous spam mails that attempted to dupe recipients into voluntarily following an embedded web-link, which actually led them to the BlackHole exploit kit.
» SPAMfighter News - 03-09-2012