I’ve seen a couple of these emails today and wanted to give a post just to warn people that these are bogus and you should NOT follow the link suggested in the email. I HOPE no one reading this falls for it, but the “tax software update” that they are pushing is a virus. (SHOCK!) Only a little over half the antivirus vendors currently detect it.
Read on for details on the message body…
I ran it through virustotal and it’s a variant of mytob according to some antivirus vendors.
Here’s the body:
Dear Tax Payer,
As part of new requirements from the IRS, all U.S. Citizens are required by law to update their computers with new tax software.
To begin the update, please visit http://65.15951047 and click “Open” when asked how to begin the download.
After doing so, no further action is required on your part.
Thank you for your cooperation,
IRS.GOV Agent #7[3
The only variation in the text between messages seems to be the last line...
IRS.GOV Agent #0[3
is what I saw in another message.
Both messages seem to be from the same machine... here's the initial received header.
Received: from Exploit ([188.8.131.52]) by domainremoved (8.13.1/8.13.1) with SMTP id m24LIbv9002684 for
Gee, looks like a cool uberhacker calling their machine “Exploit”; better look out for them….
Sender addresses seem to be quasi-random… firstname.lastname@example.org (I wonder why they didn’t just try to spoof irs.gov?)
The address obviously should not be visited without the biohazard suit…. It contains a file, program.exe, served up in a frameset, which means that on visiting the page a file popup appears asking to download/run it.
The HTTP address resolves to a machine at IP address 184.108.40.206; I can’t seem to get a reverse lookup on it. No PTR record?
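The header and link checks described above (HELO name and source IP from the receiving server's own Received line, bare-IP link in the body, missing PTR for the sender) as a small triage script. This is an added example, not code from the post; the sample message is constructed after the one quoted here, and the link host 192.0.2.10, the recipient address and the ptr_lookup hook are assumptions.

```python
import re
import socket
from email import message_from_string
from typing import Callable, Optional

# Constructed sample modelled on the quoted message. The Received line keeps the
# post's "domainremoved" redaction; the link host and recipient are placeholders.
SAMPLE_MAIL = """\
Received: from Exploit ([188.8.131.52]) by domainremoved (8.13.1/8.13.1) with SMTP id m24LIbv9002684 for <victim@example.test>
From: "IRS" <firstname.lastname@example.org>
Subject: New Tax Software Update
Content-Type: text/plain

Dear Tax Payer,
To begin the update, please visit http://192.0.2.10/update/ and click "Open".
Thank you for your cooperation,
IRS.GOV Agent #7[3
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)")
IP_LITERAL_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def ptr_name(ip: str) -> Optional[str]:
    """Reverse lookup: the PTR name for ip, or None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def triage(raw: str, ptr_lookup: Callable[[str], Optional[str]] = ptr_name) -> dict:
    """Parse the top-most Received header (the one our own MTA wrote, so the only
    one we can trust), pull link hosts from the body, and flag the traits the post
    calls out: a bare-IP link, an unqualified HELO name, no PTR for the source IP."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    helo, src_ip = None, None
    if received:
        m = RECEIVED_RE.search(received[0])
        if m:
            helo, src_ip = m.group(1), m.group(2)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    hosts = URL_RE.findall(body)
    flags = []
    if any(IP_LITERAL_RE.match(h.split(":")[0]) for h in hosts):
        flags.append("ip-literal-link")
    if helo and "." not in helo:
        flags.append("unqualified-helo")
    if src_ip and ptr_lookup(src_ip) is None:
        flags.append("no-ptr")
    return {"helo": helo, "src_ip": src_ip, "link_hosts": hosts, "flags": flags}

if __name__ == "__main__":
    # Offline run: stub the reverse lookup to mimic the "no PTR record" case.
    print(triage(SAMPLE_MAIL, ptr_lookup=lambda ip: None))
```

Pass the real `ptr_name` (the default) to do the live reverse lookup; the stub keeps the run offline.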
As always, proceed with caution when dealing with links in emails or files attached to emails.