Fake IRS Notice of Underreported Income
On September 15th, US taxpayers should file their 2008 tax return, an event that did not go unnoticed by cybercriminals, who began another malicious offensive with a medium spam wave. The spam message used as bait asks taxpayers to review their unreported or underreported income statement, providing them with an alleged customized link to the IRS Web site.
The link does not lead to the agency portal, but to a Web page (registered on an .eu domain) that mimics an on-line form, employing several visual identification components of the original IRS Web site (namely the logo and the general formatting elements).
The page also provides a link to a purported tax statement that the user should download and execute. However, upon clicking, the user does not download an e-form, but receives a malicious payload that BitDefender detects as Trojan.Generic.2436384, which is, in effect, another version of the infamous ZBot.
This long-lasting Trojan has rootkit components that help it install and hide itself on compromised machines, in either the Windows or the Program Files directory. It injects code into several processes and adds exceptions to the Microsoft® Windows® Firewall, providing backdoor and server capabilities. It sends sensitive information and listens on several ports for possible commands from the remote attacker. It also attempts to connect to and download files from servers with domain names apparently registered in the Russian Federation.
New variants are also able to steal bank-related information, login data, the history of visited Web sites and details the user inputs, and to capture screenshots of the compromised machine's desktop.
To protect your systems and data and avoid becoming a victim of the on-line tax frauds, follow the ten security tips below:
- install and activate a reliable antimalware, firewall solution and spam filter, such as those provided by BitDefender.
- update your antimalware, firewall and spam filter as frequently as possible, with the latest virus definitions and signatures for suspicious applications and files.
- scan your system frequently.
- check on a regular basis with your operating system provider - download and install the latest security updates and malicious software removal tools, as well as other patches or fixes.
- do not open e-mails and e-mail attachments from senders you do not know, especially when they contain tax-related text in the Subject line.
- do not respond by submitting any personal information (such as user names and passwords, social security number, bank account or credit card numbers) to any alleged e-mail requests from the IRS or tax preparation companies. These organizations usually do not send general e-mails (addressed to a "Dear taxpayer"), but customized printed notification forms (including your full name, as well as other unique identification details) through a regular postal service. If you have any doubt about an e-mail you received from such an organization, contact them immediately.
- do not click any links contained in the spam e-mails, including the "unsubscribe" ones; you might trigger other malware and compromise your system's security.
- when sending sensitive data on-line, ensure that the recipient Web site uses SSL encryption (Secure Sockets Layer) and security authentication methods - look for the "https" prefix and the locked padlock.
- if you are requested to accept a certificate for the session, check that the name on the certificate matches the name of the institution you wish to deal with and that the certificate is signed by a known Certificate Authority such as Thawte™ or VeriSign® before accepting.
- if you have any suspicions, do not hesitate to contact the authorities:
  - Social Security Administration
  - Federal Bureau of Investigation


