• United States



Timing is everything for new tax malware scam

Feb 15, 20113 mins
CybercrimeFinancial Services IndustryMalware

Pretty much any tax-themed phishing scam or malware attack launched in the first half of the year is bound to net a few naïve victims.

Pretty much any tax-themed phishing scam or malware attack launched in the first half of the year is bound to net a few naïve victims. But, with the right circumstances and the right timing, a message spoofed to appear from the United States Internal Revenue Service (IRS) can be a malware grand slam.

I have already put out the obligatory tax season warning to watch out for spam and malware claiming to be from the IRS. However, an AppRiver blog post describes an emerging threat that takes advantage of some unique events regarding tax season in the United States, and appears to have been launched with impeccable timing for maximum effectiveness.

AppRiver’s Troy Gill describes the threat. “The messages we are seeing, claim to be from the IRS and state that “Your Federal Tax Payment has been rejected”. The message contains an attachment that you are asked to open for more information. The attachments contains an .exe file that if run will infect your computer instantly.”

According to analysis by AppRiver, the actual malware appears to be a variant of the ever-popular ZeuS Trojan. AppRiver claims that initial testing found that only one out of forty-one malware detection engines successfully identified the malicious threat. Not great odds.

What makes this threat particularly dangerous, though, is the timing of the attack. Certain tax cuts implemented under the Bush administration should have been allowed to expire, but were a major point of contention between the Obama White House and the GOP-controlled House. A deal was struck enabling those tax cuts to be extended, but it was so last-minute that it forced the IRS to delay processing returns until it could be sure what the rules of engagement are going to be.

Gill explains that many tax returns were held, and that the IRS just began accepting them yesterday. “Most of these individuals would have received an email yesterday stating that their tax return has been “sent” to the IRS and that they would receive another email confirmation once the return had been “accepted” by the IRS. In other words–millions of Americans are likely expecting to hear whether or not their tax return has been accepted or rejected via email within the next 48 hour period, so this attack could really not be better timed.”

If you are one of these millions of Americans, be on guard and don’t fall for this scam. The IRS will not–I repeat, not–send you an e-mail with a file attachment. If you receive any e-mail that you are concerned may be from the IRS, contact the IRS directly to find out the status of your tax return.