Earlier this morning our Threat Operations Center noticed a new spam campaign originating from the Cutwail botnet that is sending out emails spoofing the IRS.  We are currently observing traffic averaging about 90,000 messages per hour using this tactic.

The email that users are receiving which appears to come from no-reply@irs.gov is attempting to get them to believe that they misreported their income on their taxes and that the IRS is giving them an opportunity to fix it. 





The email provides a link for the user to view their recent tax statement online.  This link does not directly infect the user's machine, but instead directs them to a website where the malicious code is being delivered from. 



If the user clicks on any of the links on this page, they are directed to download an application called tax_statement.exe.  As of the time of this posting, AV detection for this new variant is low. 

Please remember that the IRS does not know your email address and will not conduct official business with you over email.  Any email purporting to do so is a scam and should be deleted immediately.