2010 Tax-Themed Malicious Emails
Websense Security Labs™ ThreatSeeker™ Network has detected a wave of tax-themed malicious email. While the tax theme in spam email is common all year round, it is interesting to see the different strategies malicious authors use in their campaigns.
Reports surfaced last June of email with the subject "Notice of Underreported Income". Today, we have seen a couple of emails with the same subject but different attack strategies.
The first sample below uses a malicious link, just like those distributed earlier. The earlier malicious email redirected to a fake IRS site that instructed the user to download a malicious file (tax-statement.exe). This link instead saves the victim a couple of clicks: it prompts the user to download a file (adobe_flash_install.exe) immediately, without going to a fake IRS site.
Payload:
The second sample below is more aggressive in that the malicious zip [MD5: dfbb95730b2377cccf8372107bdef503] is attached to the email itself. The zip is recognized by 1/42 AV engines via VirusTotal.
In addition to these, we are seeing malicious email with the subject “You are in a higher tax bracket”. It also has a malicious zip [MD5: 3b9c60c761734fcd4ac7a753c93ec5d1] attached, and that zip is likewise recognized by 1/42 AV engines via VirusTotal.
Websense® Messaging and Websense Web Security customers are protected against this attack.