Another New IRS Malware Scam
Tax season is here and the IRS scams just keep on coming. We've already seen and talked about many different variants of the IRS phishing emails that say you are due a refund, which they will gladly credit to your credit card, but now it appears that the scams have moved into malware downloads.
We've seen a new IRS scam over the past couple of days which is trying to trick users into thinking that they need to update the tax software on their system. Why would the IRS care what tax software you have on your system or if you have any at all? Of course, the real answer is, "They don't."
An example of the message that we are seeing:
Dear Tax Payer,
As part of new requirements from the IRS, all U.S. Citizens are required by law to update their computers with new tax software.
To begin the update, please visit hxxp://nzkaa . info and click "Open" when asked how to begin the download.
After doing so, no further action is required on your part.
Thank you for your cooperation,
IRS.GOV Agent #4[3
The URL above is obfuscated in the event that it is still hosting malware. At the time that I visited the site, it appeared as if it had been taken down; however, the registration of the domain is still active, so it is possible that it could move to another IP and be a malignant site again.
A couple of interesting/humorous things about this new spam:
-- Every spam message that has hit our systems relating to this scam has come from the same IP address: 92.48.88.145, an IP out of the UK (I wasn't aware that the IRS had offshored their email distribution :) )
-- The web site in the spam is currently (subject to change while the domain is still active) being hosted on an IP out of the Bahamas. Another thing the government has decided to offshore, apparently.
-- Every message has HELOd (the start of the SMTP conversation) as "Exploit". At least they're honest :)
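The two relay indicators listed above (the single sending IP and the "Exploit" HELO string) can be checked against the Received header that the receiving mail server stamps on each message. The following is an added example, not code from the original post; the header layout, the sample messages and the name check_message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Indicators taken from the post: the one sending IP and the HELO string.
SCAM_IP = "92.48.88.145"
SCAM_HELO = "exploit"

# Matches the common "from <helo> (<rdns> [<ip>])" layout of a Received header.
# Layouts differ between MTAs; this one is an assumption of the example.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:[^\[\]()]*\s)?\[(?P<ip>[0-9.]+)\]\)", re.I)

def check_message(raw):
    """Return the indicators ("helo", "ip") matched by a raw message."""
    msg = message_from_string(raw)
    hits = []
    # Only the topmost Received header is written by the receiving server;
    # anything below it was supplied by the sender and proves nothing.
    received = msg.get_all("Received") or []
    if not received:
        return hits
    match = RECEIVED_RE.search(" ".join(received[0].split()))  # unfold header
    if match:
        if match.group("helo").lower() == SCAM_HELO:
            hits.append("helo")
        if match.group("ip") == SCAM_IP:
            hits.append("ip")
    return hits

# Constructed sample messages (hostnames and addresses other than the IP
# quoted in the post are placeholders).
SCAM = """\
Received: from Exploit (unknown [92.48.88.145])
    by mx.example.test with SMTP; Tue, 5 Feb 2008 10:00:00 -0700
From: IRS <agent@irs.example>
Subject: Required tax software update

Dear Tax Payer, ...
"""
BENIGN = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
    by mx.example.test with SMTP; Tue, 5 Feb 2008 10:05:00 -0700
Received: from Exploit (unknown [92.48.88.145]) by forged.example
From: newsletter@example.org
Subject: Weekly update

Hello, ...
"""

if __name__ == "__main__":
    print(check_message(SCAM), check_message(BENIGN))
```

The second sample carries the same strings in a lower, sender-supplied Received header and is not flagged, since only the top header reflects the connection the receiving server actually saw.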
As with the other government agency scams that we have seen to date, volume is low. The MX Logic Threat Operations Center processed around 2,000 of these messages on 2/4, 1,600 on 2/5, and about 550 so far today (as of 1pm MST).
As with the IRS and other government agency scams that have preceded this one, the government does not send personal email to alert you of software updates, refunds, or any other official matter. The IRS knows how to get hold of you if they need to do so.
Comments
Re: Another New IRS Malware Scam
no comment
Posted by Angelica Blue on March 7, 2008 at 7:06 PM
