Bogus IRS W-2 Form Leads to Malware


Jan 11, 2010

by Mary Ermitano (Anti-spam Research Engineer)

After the holidays, spammers are now capitalizing on the upcoming tax season. Recently, Trend Micro threat analysts found spammed messages purporting to come from the Internal Revenue Service (IRS). The spammed message bears the subject, "W-2 Form update," and tells users to update the said form because of supposed "important changes." The W-2 form states an employee's annual salary and total tax.

The spammed message looks normal since the URLs and phone numbers in it are legitimate. This was probably done so users will not suspect anything. It also encourages users to open the attached .RTF file (Update.doc), which is supposed to be the W-2 form. When users open the .RTF file, however, they will see an embedded .PDF file. This supposed PDF file is actually an .EXE file that uses the PDF icon. This is detected by Trend Micro as BKDR_POISON.BQA.

Screenshots & more on this topic at Trendmicro - http://blog.trendmicro.com/
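
For mail-gateway or desktop triage, the disguise described above (RTF content in a .doc attachment, carrying an embedded object that is really an executable) can be checked by content rather than by name or icon. The sketch below is an added example, not code from Trend Micro or from this post; the function names, the finding labels and the sample document (with a non-functional header stub and a made-up "form.pdf" label) are constructed for illustration.

```python
import re
import struct

# Hex payload that follows an RTF \objdata control word.
OBJDATA = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")

def sniff(data: bytes) -> str:
    """Classify content by its leading magic bytes, ignoring the file name."""
    for magic, kind in ((b"{\\rtf", "rtf"), (b"%PDF-", "pdf"), (b"MZ", "pe")):
        if data.startswith(magic):
            return kind
    return "unknown"

def find_pe(blob: bytes) -> int:
    """Offset of an MZ header whose e_lfanew points at 'PE\\0\\0', else -1."""
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            if blob[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                return pos
        pos = blob.find(b"MZ", pos + 1)
    return -1

def embedded_objects(rtf: bytes) -> list:
    """Decode every \\objdata hex run found in an RTF document."""
    out = []
    for m in OBJDATA.finditer(rtf):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        out.append(bytes.fromhex(hexstr[:len(hexstr) & ~1].decode("ascii")))
    return out

def triage(filename: str, data: bytes) -> list:
    """Return findings for one attachment; an empty list means nothing flagged."""
    findings = []
    if sniff(data) != "rtf":
        return findings
    if filename.lower().endswith(".doc"):
        findings.append("doc-extension-rtf-content")  # context, not a verdict
    for i, obj in enumerate(embedded_objects(data)):
        if find_pe(obj) != -1:
            findings.append(f"embedded-object-{i}-contains-pe")
    return findings

def build_sample() -> bytes:
    """Constructed sample: RTF with an object holding an inert MZ/PE header stub."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    package = b"\x02\x00form.pdf\x00" + stub  # label says PDF, bytes say PE
    return (b"{\\rtf1 W-2 update {\\object\\objemb{\\*\\objdata "
            + package.hex().encode() + b"}}}")
```

This is a plain-hex heuristic: RTF files that break up or obfuscate the `\objdata` run need a full RTF parser, so an empty result is not a clean bill of health.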
