The Latest in IT Security

Spamvertised IRS-themed “Last Notice” Emails Serving Malware


Cybercriminals are once again impersonating the Internal Revenue Service (IRS) for malware-serving purposes. In this intelligence brief, we’ll dissect the malware campaign.

Spamvertised attachment:
Spamvertised message: Notice, There are arrears reckoned on your account over a period of 2010-2011 year. You will find all calculations according to your financial debt, enclosed. You have to pay out the debt by the 17 December 2011. Yours sincerely, IRS.

– Detection rate:
IRS_Calculations.exe – W32/Yakes.B!tr – 34/40 (85.0%)
MD5   : e44eb03582f030d30251e6be384f6b32
SHA1  : eaa3d76534d247d04987b8950965d0142d770b29
SHA256: 18386f49580298eee73688ce5e626a9e332886c25403a991495e0a3250c53e32

Upon execution, the sample phones back to: –; AS15884 – Email: [email protected] – returns “Bandwidth Limit Exceeded” –; AS21844 – Email: [email protected] – returns “Bandwidth Limit Exceeded” – returns “Bandwidth Limit Exceeded” – returns “Bandwidth Limit Exceeded” – Connect to on port 80 … failed – Connect to on port 80 … failed –; AS6753 (responding to is also – Email: [email protected]) – Email: [email protected]

The same email address, [email protected], has been linked to a previously spamvertised IRS-themed malware campaign.

Clearly, both campaigns have been launched by the same cybercriminal.

This post has been reproduced from Dancho Danchev’s blog. Follow him on Twitter.
