[real-eyes] New IRS Scam E-mail Could Be Costly

  • From: "Steve" <kcpadfoot@xxxxxxxxx>
  • To: <real-eyes@xxxxxxxxxxxxx>
  • Date: Mon, 28 Sep 2009 20:47:16 -0500

The following is from Security Fix
http://voices.washingtonpost.com/securityfix/
Steve


Posted at 5:10 PM ET, 09/28/2009
New IRS Scam E-mail Could Be Costly
The Department of Homeland Security's Computer Emergency Readiness Team is warning Internet users to be on guard against a convincing e-mail virus scam disguised as a message from auditors at the Internal Revenue Service. According to one victim interviewed by Security Fix, falling for the ruse could cost you or your employer tens of thousands of dollars.

An alert issued Monday by the U.S.-CERT states: "The attacks arrive via an unsolicited email message and may contain a subject line of 'Notice of Underreported Income.' These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan."

The Zeus Trojan is exceptionally good at stealing sensitive data, and it is especially interested in online banking credentials. This fake IRS/Zeus campaign has been ongoing for several weeks now, according to Gary Warner, director of research in computer forensics at the University of Alabama, Birmingham. Still, it's nice to see a high-profile government agency issuing an alert about this threat, as it appears to be hitting quite a large number of businesses (the virus portion of my Postini inbox has been filled with little else these past few days -- click the screen shot below to see what I mean).

A recent victim of the scam is Landfill Service Corp., a solid waste company based in Apalachin, NY. Last week, the firm discovered that thieves had used Zeus to steal the company's Internet banking credentials, after the attackers transferred $150,000 from its online bank account in a series of sub-$10,000 payments to 20 so-called money mules, co-conspirators around the country hired in job scams.

Landfill's President, Joel Lanz, said the company has recovered some of the funds, though he said it appears the firm may end up losing at least $92,000 from the incident.

Later, Lanz said, the firm's technology manager found the culprit: a file called "sdra64.exe" -- the engine behind the Zeus keystroke logging Trojan -- on the PC of an employee with access to Landfill's online bank accounts.

Lanz said he recalls receiving the bogus IRS e-mail last week, and then forwarding it on to another employee, who evidently opened the attached file. Still, Landfill may have gotten off easy: Attackers using a custom form of Zeus known as JabberZeus used it to steal the online banking credentials -- and some $415,000 -- from Bullitt County, Ky. earlier this summer.

A word to the wise: Do not click on attachments included in unsolicited e-mails, especially those that encourage you to act quickly or else suffer some scary fate: These are almost universally scams or attempts to plant malicious software on your computer. Also, note that the IRS has stated emphatically that it does not communicate with citizens via e-mail.

By Brian Krebs  |  September 28, 2009; 5:10 PM ET
