Email scam steals money by pretending to be IRS

Nobody likes getting a letter from the IRS (except if it has a check in it, that is), and so emails from the IRS are likely to cause a bit of angst as well. But when you get an email from the tax collector, chances are, it’s not the real thing. In fact, the agency has explicitly stated that it does not communicate via email with taxpayers. If you get an email from the IRS with an attachment, don’t open the attachment!

With that in mind, US-CERT has issued a warning of a recent spate of spam that is created to appear as though it is from the Internal Revenue Service. The spam attack contains a message about under-reported income, and asks recipients to open up an attachment or click on a link to view a tax statement. However, the attachment contains a piece of malware, and the link opens up to a malicious website. According to CERT, the malware is the Zeus Trojan, which is used to steal money from bank accounts. Zeus is one of the more difficult Trojans to detect, and the binary changes several times a day. Zeus attempts to break into bank accounts, and then withdraws money, and according to one report, criminals using Zeus are able to drain more than a million dollars a day from bank accounts.

The campaign has been going on for about three weeks, and according to reports, hasn’t even begun to lose steam. The barrage of spam is huge, accounting for nearly ten percent of all spam email being tracked, with one company counting 11 million spam messages just relating to this one program since September 9.

The message includes a message subject line that says “notice of underreported income,” and attempts to trick users to clicking on a link to view their personal tax statement. Some users have reported the guilty Trojan is a file named sdra64.exe.