E-Mail Scammers Masquerade as IT Department of India, Serve Malware

According to Satnam Narang Senior Security Response Manager at Symantec to PTI, over the past three months, his company saw malware-laced e-mails asserting as communication from the Department of Income Tax. Symantec's report delineates that out of this total number of scam e-mails, 43% got distributed in India, with USA and UK following at 20% and 14% respectively.

Narang adds that two different e-mails have been circulating in India. One, which asserts that several thousand INRs were debited to the bank account of the e-mail receiver to meet his tax dues, while the other, a replica of the real intimation from IT Department. Narang believes this malicious activity is likely to expand more as the time of financial year draws closer when the general public files their returns. Now, whilst each of the e-mails has a different template, all aim at contaminating people's PCs with a Trojan created for stealing information by logging their keystrokes.

The e-mail telling about debiting the recipient's money carries one attachment which supposedly is the payment's receipt. The message is designed to garner system information such as the OS version running and open windows' titles all transmitted to the scammer's C&C (command-and-control) server. Deccanchronicle posted this, January 21, 2016.

Narang says the so-called payment receipts arrive as zipped folders which carry info-stealing malware which Symantec identified to be Infostealer.Donx. The other e-mail, a replica of an original IT communication, having PAN (Personal Account Number) for recognizing an Indian taxpayer consists of one zipped attachment, which isn't password-protected. Narang further states that different from what the e-mail asserts, there's no PDF document within the zipped archive. Rather there's one more information-stealing Trojan, identified as Trojan.Gen.

Additionally the scammers create spoofed domain-names to make the e-mail ids look like they're from India's Income Tax Office so that the messages appear increasingly persuasive. The spoofed ids are unique for every e-mail recipient which makes the message credible as sourced from the IT Dept. In India, the Department-of-IT does dispatch personal electronic mails to taxpayers.

Conclusively, Narang says, people mustn't view dubious-appearing e-mails while inform about such e-mails to CERT-In (Indian Computer Emergency Response Team).

» SPAMfighter News - 1/28/2016