The following is from Security Fix http://voices.washingtonpost.com/securityfix/ Steve Posted at 5:10 PM ET, 09/28/2009 New IRS Scam E-mail Could Be Costly The Department of Homeland Security's Computer Emergency Readiness Team is warning Internet users to be on guard against a convincing e-mail virus scam disguised as a message from auditors at the Internal Revenue Service. According to one victim interviewed by Security Fix , falling for the ruse could cost you or your employer tens of thousand of dollars. uscertbanner.JPG An alert issued Monday by the U.S.-CERT states: "The attacks arrive via an unsolicited email message and may contain a subject line of 'Notice of Underreported Income.' These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan." The Zeus Trojan is exceptionally good at stealing sensitive data, and it is especially interested in online banking credentials. This fake IRS/Zeus campaign has been ongoing for several weeks now , according to Gary Warner , director of research in computer forensics at the University of Alabama, Birmingham . Still, it's nice to see a high-profile government agency issuing an alert about this threat, as it appears to be hitting quite a large number of businesses (the virus portion of my Postini inbox has been filled with little else these past few days -- click the screen shot below to see what I mean). irsscan.JPG A recent victim of the scam is Landfill Service Corp. , a solid waste company based in Apalachin, NY. Last week, the firm discovered that thieves had used Zeus to steal the company's Internet banking credentials, after the attackers transferred $150,000 from its online bank account in a series of sub-$10,000 payments to 20 so-called money mules , co-conspirators around the country hired in job scams. Landfill's President, Joel Lanz , said the company has recovered some of the funds, though he said it appears the firm may end up losing at least $92,000 from the incident. Later, Lanz said, the firm's technology manager found the culprit: a file called "sdra64.exe," -- the engine behind the Zeus keystroke logging Trojan - on the PC of an employee with access to Landfill's online bank accounts. Lanz said he recalls receiving the bogus IRS e-mail last week, and then forwarding it on to another employee, who evidently opened the attached file. Still, Landfill may have gotten off easy: Attackers using a custom form of Zeus known as JabberZeus used it to steal the online banking credentials -- and some $415,000 -- from Bullitt County, Ky. earlier this summer. A word to the wise: Do not click on attachments included in unsolicited e-mails, especially those that encourage you to act quickly or else suffer some scary fate: These are almost universally scams or attempts to plant malicious software on your computer. Also, note that the IRS has stated emphatically that it does not communicate with citizens via e-mail . By Brian Krebs | September 28, 2009; 5:10 PM ET | Posted at 5:10 PM ET, 09/28/2009 New IRS Scam E-mail Could Be Costly The Department of Homeland Security's Computer Emergency Readiness Team is warning Internet users to be on guard against a convincing e-mail virus scam disguised as a message from auditors at the Internal Revenue Service. According to one victim interviewed by Security Fix , falling for the ruse could cost you or your employer tens of thousand of dollars. uscertbanner.JPG An alert issued Monday by the U.S.-CERT states: "The attacks arrive via an unsolicited email message and may contain a subject line of 'Notice of Underreported Income.' These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan." The Zeus Trojan is exceptionally good at stealing sensitive data, and it is especially interested in online banking credentials. This fake IRS/Zeus campaign has been ongoing for several weeks now , according to Gary Warner , director of research in computer forensics at the University of Alabama, Birmingham . Still, it's nice to see a high-profile government agency issuing an alert about this threat, as it appears to be hitting quite a large number of businesses (the virus portion of my Postini inbox has been filled with little else these past few days -- click the screen shot below to see what I mean). irsscan.JPG A recent victim of the scam is Landfill Service Corp. , a solid waste company based in Apalachin, NY. Last week, the firm discovered that thieves had used Zeus to steal the company's Internet banking credentials, after the attackers transferred $150,000 from its online bank account in a series of sub-$10,000 payments to 20 so-called money mules , co-conspirators around the country hired in job scams. Landfill's President, Joel Lanz , said the company has recovered some of the funds, though he said it appears the firm may end up losing at least $92,000 from the incident. Later, Lanz said, the firm's technology manager found the culprit: a file called "sdra64.exe," -- the engine behind the Zeus keystroke logging Trojan - on the PC of an employee with access to Landfill's online bank accounts. Lanz said he recalls receiving the bogus IRS e-mail last week, and then forwarding it on to another employee, who evidently opened the attached file. Still, Landfill may have gotten off easy: Attackers using a custom form of Zeus known as JabberZeus used it to steal the online banking credentials -- and some $415,000 -- from Bullitt County, Ky. earlier this summer. A word to the wise: Do not click on attachments included in unsolicited e-mails, especially those that encourage you to act quickly or else suffer some scary fate: These are almost universally scams or attempts to plant malicious software on your computer. Also, note that the IRS has stated emphatically that it does not communicate with citizens via e-mail . By Brian Krebs | September 28, 2009; 5:10 PM ET | To subscribe or to leave the list, or to set other subscription options, go to www.freelists.org/list/real-eyes