The Latest in IT Security

IRS Summer Tax forum – the things they don’t teach you


Lesson one: The IRS is a confirmed favorite of spammers, phishers and malware distributors. As an example consider the attacks from the last few weeks that have targeted users of the IRS’s electronic payment portal. This time the attack starts with an email about tax forums to train and serve the tax practitioner community. The content of the fraudulent email is almost the same as the article “IRS Tax Forums Planned for this Summer” from May, 2004 (!). The Cybercriminals have only change the dates and some words to make it more appealing for tax practitioners. The IRS has posted a note about this malware on their website.

The attachment is a blank document file which contains a malformed adobe flash that exploits the recent vulnerability CVE-2011-0611 that was discovered back in April.

The embedded flash contains the following Action Script:

After dumping the shellcode, the URL is visible at the end – this hosts the malware “g.exe” that will be downloaded and executed on the infected computer.

Commtouch’s Command Antivirus detects this malware as: Exploit/WRD.gen.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments