Security researchers from email security provider AppRiver warn of a new IRS-themed spam campaigns which takes advantage of the tax filing period to distribute a variant of the infamous ZeuS banking trojan.
The rogue emails bear a subject of "Your Federal Tax Payment Notice sn#######" (where # is a digit) and have forged headers to appear as they originate from an IRS address.
The message within advises recipients that their tax return filing was rejected by the Electronic Federal Tax Payment System (EFTPS) and asks them to correct the error.
"Urgent Report! Your Federal Tax Payment ID: ########## has been rejected. Return Reason Code R21 - The identification number used in the Company Identification Field is not valid.
"Please, check the attached information and refer to Code R21 to get details about your company payment in transaction contacts section," the message reads.
The attached file is called IRS-TAX-Notification-printing-form-SN########.zip and contains a variant of the ZeuS crimware that has a very low detection rate on Virus Total.
More details - link
The rogue emails bear a subject of "Your Federal Tax Payment Notice sn#######" (where # is a digit) and have forged headers to appear as they originate from an IRS address.
The message within advises recipients that their tax return filing was rejected by the Electronic Federal Tax Payment System (EFTPS) and asks them to correct the error.
"Urgent Report! Your Federal Tax Payment ID: ########## has been rejected. Return Reason Code R21 - The identification number used in the Company Identification Field is not valid.
"Please, check the attached information and refer to Code R21 to get details about your company payment in transaction contacts section," the message reads.
The attached file is called IRS-TAX-Notification-printing-form-SN########.zip and contains a variant of the ZeuS crimware that has a very low detection rate on Virus Total.
More details - link
