Virus Warning – Email Subjects – IRS Notice – Important Information from the IRS



I’ve seen a couple of these emails today and wanted to post a warning that they are bogus and that you should NOT follow the link suggested in the email. I HOPE no one reading this falls for it, but the “tax software update” that they are pushing is a virus. (SHOCK!) Only a little over half the antivirus vendors currently detect it.

Read on for details on the message body…


I ran it through VirusTotal and it’s a variant of Mytob according to some antivirus vendors.

Here’s the body:

Dear Tax Payer,

As part of new requirements from the IRS, all U.S. Citizens are required by law to update their computers with new tax software.

To begin the update, please visit http://65.15951047 and click “Open” when asked how to begin the download.

After doing so, no further action is required on your part.

Thank you for your cooperation,
IRS.GOV Agent #7[3

=======================

The only variation in the text between messages seems to be the last line...

IRS.GOV Agent #0[3

is what I saw in another message.

Both messages seem to be from the same machine... here's the initial received header.

Received: from Exploit ([92.48.88.145]) by domainremoved (8.13.1/8.13.1) with SMTP id m24LIbv9002684 for
; Tue, 4 Mar 2008 14:18:39 -0700

Gee, looks like a cool uberhacker calling their machine “Exploit”; better look out for them…

Sender addresses seem to be quasi-random… name+2-3numbers@irs.org (I wonder why they didn’t just try to spoof irs.gov?)

Obviously, the address should not be visited without the biohazard suit… It contains a file, program.exe, served up in a frameset, which means that visiting the page brings up a file popup to download/run.

The HTTP address resolves to a machine at IP address 65.243.100.199 – I can’t seem to get a reverse lookup on it – no PTR record?
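
As an added example (not part of the original post), here is a small Python check that flags the traits noted above in a raw message: an irs.org sender made of a name plus 2-3 digits, a link to a numeric host, the "IRS.GOV Agent #" signature, and a Received header whose sending host gives a name that is not a fully qualified domain. The sample message is constructed, its 192.0.2.x addresses and example.net names are placeholders, and the indicator names are made up for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the message in the post. Addresses in
# 192.0.2.0/24 and the example.net names are placeholders, not real indicators.
SAMPLE = """\
Received: from Exploit ([192.0.2.45]) by mx.example.net with SMTP id abc123
 for <user@example.net>; Tue, 4 Mar 2008 14:18:39 -0700
From: IRS <james482@irs.org>
To: user@example.net
Subject: IRS Notice

Dear Tax Payer,

To begin the update, please visit http://192.0.2.10 and click "Open" when
asked how to begin the download.

Thank you for your cooperation,
IRS.GOV Agent #7[3
"""

URL_HOST_RE = re.compile(r"https?://([^/\s:\"'>]+)", re.I)
NUMERIC_HOST_RE = re.compile(r"[0-9.]+")      # dotted quad or bare-integer host
HELO_RE = re.compile(r"\s*from\s+(\S+)", re.I)

def indicators(raw):
    """Return the sorted indicator names found in one raw single-part message."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    hits = set()
    _, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().partition("@")
    if domain == "irs.org":                   # not the IRS's domain (irs.gov)
        hits.add("sender_domain_irs_org")
        # Assumption: "name+2-3numbers" means letters followed by 2-3 digits.
        if re.fullmatch(r"[a-z]+\d{2,3}", local):
            hits.add("sender_name_plus_digits")
    if any(NUMERIC_HOST_RE.fullmatch(h) for h in URL_HOST_RE.findall(body)):
        hits.add("link_to_numeric_host")
    if "IRS.GOV Agent #" in body:
        hits.add("signature_irs_gov_agent")
    for received in msg.get_all("Received", []):
        m = HELO_RE.match(received)
        if m and "." not in m.group(1):       # HELO name is not an FQDN
            hits.add("helo_not_fqdn")
    return sorted(hits)

if __name__ == "__main__":
    print(indicators(SAMPLE))
```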

As always, proceed with caution when dealing with links in emails or files attached to emails.
