On September 15th, US taxpayers should file their
2008 tax return, an event that did not go unnoticed by cybercriminals, who
began another malicious offensive with a medium-sized spam wave. The spam message
used as bait asks taxpayers to review their unreported or underreported
income statement, providing them with an alleged customized link to the
IRS Web site.
The link does not lead to the agency portal, but to a Web
page (registered on an .eu domain) that
mimics an on-line form, employing several visual identification components of
the original IRS Web site (namely the logo and the general formatting elements).
The page also provides a link to a purported tax statement
that the user should download and execute. However, upon clicking, the user does
not download an e-form but receives a malicious payload that BitDefender
detects as Trojan.Generic.2436384, which is, in effect, another version of the
infamous ZBot.
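
The two traits described above (a link presented as the IRS site that resolves to another domain, and a "statement" that is really an executable) can be checked in a mail filter. The following is an added example, not BitDefender's detection logic; the sample message, the `.example` host name and the extension list are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "irs.gov"                                  # the agency's real domain
BRAND = re.compile(r"\birs\b|internal revenue", re.I)
RISKY_EXT = (".exe", ".scr", ".pif")                 # assumed list of executable types

# Constructed sample body; the host is a reserved .example name, not a real IoC.
SAMPLE_HTML = """
<p>Review your statement at
<a href="http://www.irs.gov.statement-review.example/form?id=1">https://www.irs.gov/statement/review</a></p>
<p><a href="http://www.irs.gov.statement-review.example/tax-statement.exe">Download tax statement</a></p>
<p><a href="https://www.irs.gov/">IRS home page</a></p>
"""

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_trusted(host):
    # Exact match or a true subdomain; "irs.gov.<other>" must not pass.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def suspicious_links(html):
    """Return [(href, [reasons])] for links matching the lure described above."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        reasons = []
        if BRAND.search(text) and not host_is_trusted(parts.hostname):
            reasons.append("brand-mismatch")        # text names the IRS, host is not irs.gov
        if parts.path.lower().endswith(RISKY_EXT):
            reasons.append("executable-download")   # "statement" is a program, not a form
        if reasons:
            findings.append((href, reasons))
    return findings
```
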
This long-lasting Trojan has rootkit components that help
it install and hide itself on the compromised machines, either in the
Windows or Program Files directory. It injects code in several processes and
adds exceptions to the Microsoft