IRS scam now world's biggest e-mail virus problem

25.09.2009
Criminals are waging a nasty online campaign right now, hoping that their victims' fears of the tax collecter will lead them to inadvertently install malicious software.

The , entering its third week now, is showing no signs of slowing down, according to Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham. This accounts for about 10 percent of the spam e-mail that his group is presently tracking, he said. "This is the most prominent spam-delivered virus in the world right now," he said.

Since first spotting the spam on Sept. 9, antispam vendor Cloudmark has counted 11 million messages sent to the company's nearly 2 million desktop customers, said Jamie Tomasello, abuse operations manager with Cloudmark. That number is "very high," she noted.

The messages typically have a subject line that reads, "Notice of Underreported Income," and they encourage victims to either install the Trojan attachment or click on a Web link in order to view their "tax statement." In fact, that link takes the victim to a malicious Web site.

The IRS not to open attachments or click on links included in e-mail that claims to come from the tax-collection agency.

What makes this campaign particularly ugly is that the malware that accompanies the fake IRS messages is a variant of the hard-to-detect Zeus Trojan. This software hacks into bank accounts and drains them of money as part of a widespread financial fraud scheme. Researchers estimate that the Zeus criminals are emptying more than a million dollars per day out of victims' bank accounts with the software. Small businesses have been particularly hard-hit by this fraud, because banks have sometimes held them accountable for the losses.