
WSLabs, Malicious Website / Malicious Code: IRS scam downloading new Trojan Horse

Posted on 06 June 2007
Websense Security Lab

Websense® Security Labs™ has discovered a new email spam variant similar to attacks previously launched on the IRS and Better Business Bureau. The spoofed email claims to be from the Internal Revenue Service (IRS). The message claims that the IRS is investigating the recipient and the recipient's company for tax fraud. The email prompts the reader to download a document to help resolve the issue.

The document is an executable written in Delphi, with the MD5 hash 9d0252348a2b470be5950c216993f7ce. None of the anti-virus programs we tested detected the infected document. The file is named Complaint.doc.exe and is hosted on a server based in China. The server was up at the time of this alert. We are completing our analysis, but this appears to be a Trojan Horse and will not run on all systems.
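The file name and MD5 above can be turned into a simple triage check for mail-gateway or proxy logs. The following is an added example, not code from Websense or from the original alert; the extension lists, function names and sample inputs are assumptions made for illustration, and it generalizes from the single name in the alert to other document-then-executable extension pairs.

```python
import hashlib
from urllib.parse import unquote, urlsplit

# MD5 quoted in the alert for Complaint.doc.exe
ALERT_MD5 = "9d0252348a2b470be5950c216993f7ce"

# Assumed extension lists for this example; tune them to local policy.
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "rtf", "txt", "jpg"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}


def leaf_name(path_or_url: str) -> str:
    """Return the final file name from a URL, path or attachment name."""
    path = urlsplit(path_or_url).path if "://" in path_or_url else path_or_url
    name = unquote(path).replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces when resolving a name.
    return name.rstrip(". ").lower()


def is_double_extension(path_or_url: str) -> bool:
    """True when a document-style extension is followed by an executable one."""
    parts = [p.strip() for p in leaf_name(path_or_url).split(".")]
    if len(parts) < 3:
        return False
    return parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS


def matches_alert_hash(data: bytes) -> bool:
    """Compare a file's MD5 with the indicator published in the alert."""
    return hashlib.md5(data).hexdigest() == ALERT_MD5


def triage(names):
    """Return the names that use the double-extension disguise."""
    return [n for n in names if is_double_extension(n)]


# Constructed sample input; only the first file name comes from the alert.
SAMPLE = [
    "Complaint.doc.exe",
    "http://files.example/irs/Complaint.doc%2Eexe",
    "report.final.doc",
    "setup.exe",
    "Invoice.pdf   .scr",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print("suspicious:", hit)
```

The name check catches renamed copies that the hash comparison would miss, while the hash comparison identifies this exact sample regardless of what it is called.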

Websense Security customers are protected from downloading this Trojan Horse.

Email screenshot included within full alert.


For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=779

 
