Criminals have launched an major e-mail campaign to deploy the infamous ZeuS Trojan, blasting out spam messages variously disguised as fraud alerts from the Internal Revenue Service, Twitter account hijack warnings, and salacious Youtube.com videos.
According to Gary Warner, director of research in computer forensics at the University of Alabama, Birmingham, this latest attack appears to be an extension of a broad malware spam campaign that began at the end of May.
The fake IRS e-mails arrive with the tried-and-true subject line “Notice of Underreported Income,” and encourage the recipient to click a link to review their tax statement.
All of the latest e-mails use a variety of URL shortening services. For example, this shortened link (currently live and dangerous, and therefore neutered here)…
….when clicked reverts to:
….which takes the user to one of dozens of identical Web pages that spoof the IRS and encourage visitors to download and review their tax statement, which is of course a powerful and stealthy password-stealing program.
Warner said anti-virus detection for this malware is extremely low: Only three out of 40 different anti-virus products detected the file as malicious, yet none of those currently identify it for what it is: Another new version of the ZeuS Trojan.
These broad attacks usually are quite successful, and in the past they have been used to great effect by the same criminal gangs that have been stealing tens of millions of dollars from small to mid-sized businesses. In September 2009, I wrote about a landfill service company in New York that had $150,000 stolen from its online bank account after an employee opened one of these ZeuS-laden bogus IRS e-mails.
A word to the wise: Do not click on attachments included in unsolicited e-mails, especially those that encourage you to act quickly or else suffer some scary fate. These are almost universally scams or attempts to plant malicious software on your computer. Also, note that the IRS has stated emphatically that it does not communicate with citizens via e-mail.