New Spam Campaign Aimed at Quickbooks Users

Intuit is warning its customers that a new spam campaign has launched that targets users of its popular Quickbooks software. The spam messages claim to be an urgent notification from Intuit informing the recipient that the company has suffered a data breach that resulted in customer names, addresses and phone numbers being stolen. The email goes on to reassure them that no banking info was accessed and that the company has taken corrective measures, which includes a “Windows Quickbooks Update” and “Internet Explorer Plug-In”. The email urges the recipient to click on the included links and download them immediately or they will no longer be able to use the Quickbooks software.

The links, not surprisingly, lead to malware downloads, namely a Trojan Horse. Intuit has not provided any specific details as to the type of malware, but given the group of users the spam campaign is targeted at, it is likely some form of data theft malware such as Zbot/Zeus.

The company calls it a phishing attempt but it is actually a campaign that has blended characteristics of spear phishing, malware attacks and plain old spam. Since Quickbooks is designed as a way for businesses to organize their payroll and finances, it’s not surprising that cyber-criminals are targeting it. Fortunately most of the software’s users are probably well aware that Intuit pushes its updates through the program itself and not via emails. The company is asking that anyone who receives this spam forward it to security@intuit.com for investigation.