recent posts

Adobe Plugs 8 Security Holes in Reader
Mozilla Distributes Virus-Infected Language Pack
Robotraff: A Hacker's Go-To For Clicks
Microsoft Releases Windows XP Service Pack 3
Tech Groups Back Kaspersky in Fight Against Zango

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Beware Targeted Data-Stealing Tax Scam

A fresh round of targeted e-mail attacks is underway, arriving in messages that personally address both the recipient and his or her employer. One pretends to be sent from the IRS requesting more information about company tax filings. Another set of targeted e-mails purport to be sent from Microsoft, urging recipients to download and install a new security update. Both try to trick the user into installing software that steals personal and financial data from the victim's PC.

The messages spoofing the IRS are very convincing (you can see a copy of one sent to one of the corporate finance officer for Sunbelt Software at this link here). The attached file, a screensaver file made to look like an Adobe PDF file named "tax_refund_file.scr", when clicked, silently downloads malware and pops up a seemingly random PDF document as a diversion.

The Microsoft attack arrives in an e-mail with the subject heading: "Critical Patch Released: Microsoft Security Bulletin MS08-64738". The wording of that subject line strikes me as a sly dig at Redmond, which issues its security updates sequentially and doesn't typically issue more than 100 such updates a year. This imaginary update, on the other hand, claims to be the 64,738th patch from Microsoft this year!

Matthew Richard, director of rapid response for iDefense, a VeriSign company, said both attacks appear to have been engineered by the same groups responsible for at least 25 distinct, similarly targeted malware campaigns launched since Feb. 2007, including one spoofing the the U.S. Justice Department. Richard said this latest IRS scam has already tricked more than 1,600 people into opening the malicious attachments.

By Brian Krebs |  April 4, 2008; 2:22 PM ET Latest Warnings
Previous: Consumers Report $239 Million Lost To Cyber Fraud In '07 | Next: Opera Updates and a Black Tuesday Preview

Comments

Please email us to report offensive comments.



Thank You for the info...

Posted by: Del | April 14, 2008 3:51 PM

I looked at the "scam" email referenced.

I cannot believe that some high level exec of a company would believe that the IRS was communicating with them via email.

When the IRS gets in touch with my company, it does so my registered nor certified mail.

Posted by: Peter | April 15, 2008 6:15 PM

I've been getting all sorts of that stuff. Lately its been loans. Just send amount,name address ect. So i've been replying sending the white houses e-mail and MR. GEORGE BUSH AS PRESIDENT OF THE COMPANY. MAYBE HE CAN BARROW ENOUGH TO HELP THE COUNTRY ??

Posted by: marvin barker | April 16, 2008 7:29 AM

kdtb mxdvpaw padwklh shelrxony dxynasc ruepyhm kuio

Posted by: qbrcwayx iaytpfdx | April 17, 2008 2:31 PM

ywnuf eafv lrxd tlhqyj cvkfqsda nboljevc tynxubs http://www.nghmoyrwz.vmkwo.com

Posted by: pfvty lbph | April 17, 2008 2:31 PM

Post a Comment

We encourage users to analyze, comment on and even challenge washingtonpost.com's articles, blogs, reviews and multimedia features.

User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions.




 
 

©  The Washington Post Company