Virus Warning – Email Subjects – IRS Notice – Important Information from the IRS



I’ve seen a couple of these emails today and wanted to write a post just to warn people that these are bogus and you should NOT follow the link suggested in the email. I HOPE no one reading this falls for it, but the “tax software update” that they are pushing is a virus. (SHOCK!) Only a little over half the antivirus vendors currently detect it.

Read on for details on the message body…


I ran it through VirusTotal and it’s a variant of Mytob according to some antivirus vendors.

Here’s the body:

Dear Tax Payer,

As part of new requirements from the IRS, all U.S. Citizens are required by law to update their computers with new tax software.

To begin the update, please visit http://65.15951047 and click “Open” when asked how to begin the download.

After doing so, no further action is required on your part.

Thank you for your cooperation,
IRS.GOV Agent #7[3

=======================

The only variation in the text between messages seems to be the last line...

IRS.GOV Agent #0[3

is what I saw in another message.

Both messages seem to be from the same machine... here's the initial Received header.

Received: from Exploit ([92.48.88.145]) by domainremoved (8.13.1/8.13.1) with SMTP id m24LIbv9002684 for
; Tue, 4 Mar 2008 14:18:39 -0700

Gee, looks like a cool uberhacker calling their machine “Exploit” – better look out for them…

Sender addresses seem to be quasi-random… name+2-3numbers@irs.org (I wonder why they didn’t just try to spoof irs.gov?)

Obviously, the address should not be visited without the biohazard suit… It contains a file, program.exe, served up in a frameset, which means that on visiting the page there is a file popup to download/run.

The HTTP address resolves to a machine at IP address 65.243.100.199 – I can’t seem to get a reverse lookup on it – no PTR record?
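The host in the link, 65.15951047, is an IPv4 address in the two-part numeric form that inet_aton-style parsers accept (the last part fills the remaining three bytes), which is how it maps to 65.243.100.199. The Python below is an added example, not part of the original post, showing how a mail or proxy filter could normalise such hosts and flag links that hide an IP address this way; the function names are hypothetical and every sample URL except the one quoted from the message is constructed.

```python
import re
from urllib.parse import urlsplit

def parse_numeric_host(host):
    """Return dotted-quad for an inet_aton-style numeric host, else None.

    One to four dot-separated parts, each decimal, octal (leading 0) or hex
    (leading 0x); the last part fills all remaining bytes of the address.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for part in parts:
        if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
            values.append(int(part, 16))
        elif re.fullmatch(r"0[0-7]*", part):
            values.append(int(part, 8))
        elif re.fullmatch(r"[1-9][0-9]*", part):
            values.append(int(part))
        else:
            return None  # contains non-numeric labels: an ordinary hostname
    *head, last = values
    if any(v > 0xFF for v in head) or last >= 256 ** (4 - len(head)):
        return None  # out of range for an IPv4 address
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def classify_url(url):
    """Label a URL's host as 'hostname', 'plain-ip' or 'obfuscated-ip'."""
    host = urlsplit(url).hostname or ""
    ip = parse_numeric_host(host)
    if ip is None:
        return host, None, "hostname"
    return host, ip, "plain-ip" if ip == host else "obfuscated-ip"

if __name__ == "__main__":
    # First URL is the one quoted in the message body; the rest are constructed.
    for url in ("http://65.15951047", "http://65.243.100.199/",
                "http://0x41f364c7/", "http://www.irs.gov/"):
        print(url, "->", classify_url(url))
```
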

As always, proceed with caution when dealing with links in emails or files attached to emails.
