June 06, 2007 ~ "...New email spam variant similar to attacks previously launched on the IRS and Better Business Bureau. The spoofed email claims to be from the Internal Revenue Service (IRS). The message claims that IRS is investigating the recipient and the recipient's company for tax fraud. The email prompts the reader download a document to help resolve the issue. The document is an executable written in Delphi with the MD5 of (9d0252348a2b470be5950c216993f7ce). The infected document was not detected by any anti-virus programs we tested. The filename is Complaint.doc.exe, and is hosted on a server based in China. The server was up at the time of this alert. We are completing our analysis, but this appears to be a Trojan Horse and will not run on all systems..."
(Screenshot available at the URL above.)
Malicious Code: IRS scam downloading new Trojan Horse
No replies to this topic