Malware Attached on IRS Notification

 Analysis by: Dhan Praga

The Internal Revenue Service (IRS) kicked off the tax season on January 4, 2011, and taxpayers in the US have until April 18 to file their tax refunds. During tax season, spammers are once again on the lookout for targets who will fall for their tactics.

Trend Micro content security engineers have received spam samples purporting to come from the IRS. The spam, which bears the subject "IRS Notification - Fiscal Activity ID #{7 numbers}", contains a compressed (.ZIP) attachment that tricks recipients into believing it is a document file they need to print. The file was found to be malicious, and Trend Micro detected it as TSPY_ZBOT.SMHA, spyware capable of stealing user credentials. Trend Micro engineers also found invisible salad words within the body of the email (see Figure 2). This tactic is used to prevent the spam from being caught by email filters.

Recipients are advised to delete such messages when they arrive in their inboxes. Never attempt to open the attachment, as doing so risks system infection.

SPAM BLOCKING DATE / TIME: February 23, 2011 GMT-8

TMASE INFO
  • ENGINE: 6.5
  • PATTERN: 7974
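
The three traits described in this advisory (the subject format, the .ZIP attachment and the invisible filler words in the body) can be checked on a raw message as shown below. This is an added example, not Trend Micro's detection logic; the inline-CSS hiding styles, the trait labels, the five-word threshold and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Subject format from the advisory: fixed phrase plus a 7-digit ID.
SUBJECT_RE = re.compile(r"IRS Notification - Fiscal Activity ID #\d{7}\b")
# Assumption: the invisible filler is hidden with inline CSS such as these styles.
HIDDEN_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag

class HiddenText(HTMLParser):
    """Collect words nested inside elements whose inline style hides them."""
    def __init__(self):
        super().__init__()
        self.stack, self.words = [], []
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append(bool(HIDDEN_RE.search(dict(attrs).get("style") or "")))
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        if any(self.stack):
            self.words += data.split()

def scan(raw, min_hidden_words=5):
    """Return the advisory's traits found in one raw RFC 5322 message."""
    msg, found = message_from_string(raw), []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        found.append("subject")
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(".zip"):
            found.append("zip_attachment")
        elif part.get_content_type() == "text/html":
            parser = HiddenText()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            if len(parser.words) >= min_hidden_words:
                found.append("hidden_text")
    return found

# Constructed sample message; the attachment body is a placeholder, not an archive.
SAMPLE = (
    "Subject: IRS Notification - Fiscal Activity ID #1234567\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n--b1\nContent-Type: text/html\n\n'
    "<p>Please print the attached document.<br></p>\n"
    '<span style="font-size:0px">lantern orchard velvet copper meadow</span>\n'
    '--b1\nContent-Disposition: attachment; filename="document.zip"\n\nplaceholder\n--b1--\n'
)
print(scan(SAMPLE))  # ['subject', 'hidden_text', 'zip_attachment']
```

A message that shows all three traits together is a much stronger signal than any one alone, since ZIP attachments and hidden HTML elements also occur in legitimate mail.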