Sunday, October 09, 2011
Spamvertised "IRS notice" Serving Malware
Cybercriminals are spamvertising yet another malware-serving campaign. Impersonating the IRS, malicious attackers are attempting to entice end users into downloading and executing a malicious file attachment.
Spamvertised message:
"Tax notice, There are arrears reckoned on your account over a period of 2010-2011 year. You will find all calculations according to your financial debt, enclosed. Sincerely, Internal Revenue Service"
Calculations.exe - TrojanDownloader:Win32/Dofoil.D - 33/43 (76.7%)
MD5 : 178bb562d9c0ef2b0a87467dcbd945ee
SHA1 : 9ef75146aeb27102a1e5662284f369a43144225c
Upon execution, it phones back to falcononfly2006.ru/blog/task.php?bid=2bfc680038ba2be7&os=5-1-2600&uptime=0&rnd=150156
falcononfly2006.ru - 220.127.116.11, AS6753 - Email: email@example.com
firstname.lastname@example.org is also associated with the following domains:
Monitoring of the campaign is ongoing.
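As an added example (not part of the original post), the following detector looks for the check-in request shape shown above in proxy logs. It keys on the path and parameter formats rather than the domain. Treating those formats as a stable signature is an assumption, and the function names, log layout and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter shapes copied from the check-in URL in the post (assumed stable).
BEACON_PARAMS = {
    "bid": re.compile(r"[0-9a-f]{16}"),   # 16 hex chars, as observed
    "os": re.compile(r"\d+-\d+-\d+"),     # e.g. 5-1-2600
    "uptime": re.compile(r"\d+"),
    "rnd": re.compile(r"\d+"),
}

def match_beacon(url):
    """Return the parsed check-in fields if url has the beacon shape, else None."""
    parts = urlsplit(url if "//" in url else "//" + url)
    if not parts.path.lower().endswith("/task.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if set(query) != set(BEACON_PARAMS):
        return None  # extra or missing parameters: not this request shape
    fields = {}
    for name, shape in BEACON_PARAMS.items():
        values = query[name]
        if len(values) != 1 or not shape.fullmatch(values[0]):
            return None
        fields[name] = values[0]
    fields["host"] = (parts.hostname or "").lower()
    return fields

def scan(log_lines):
    """Yield (client_ip, fields) for each 'ip method url' line that matches."""
    for line in log_lines:
        cols = line.split()
        if len(cols) >= 3 and (hit := match_beacon(cols[2])):
            yield cols[0], hit

# Constructed proxy log lines (client IP, method, URL); only the first URL is from the post.
SAMPLE_LOG = [
    "192.0.2.10 GET http://falcononfly2006.ru/blog/task.php?bid=2bfc680038ba2be7&os=5-1-2600&uptime=0&rnd=150156",
    "192.0.2.11 GET http://example.com/blog/task.php?id=7",
    "192.0.2.12 GET http://other.example/x/task.php?bid=00aa11bb22cc33dd&os=6-1-7601&uptime=42&rnd=9",
    "192.0.2.13 GET http://example.com/task.php?bid=zz&os=5-1-2600&uptime=0&rnd=1",
]

if __name__ == "__main__":
    for client, f in scan(SAMPLE_LOG):
        print(client, f["host"], f["bid"], f["os"])
```

Matching on the request shape also flags hosts that were infected but are checking in to a different domain, which a plain domain blocklist would miss.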
This post has been reproduced from Dancho Danchev's blog.
Posted by Dancho Danchev at Sunday, October 09, 2011