Spamvertised "IRS notice" Serving Malware

0
October 09, 2011

Cybercriminals are spamvertising yet another malware-serving campaign. Impersonating the IRS, malicious attackers are attempting to entice end users into downloading and executing a malicious file attachment. 

Spamvertised message: Tax notice, There are arrears reckoned on your account over a period of 2010-2011 year. You will find all calculations according to your financial debt, enclosed. Sincerely, Internal Revenue Service


Detection rate:
Calculations.exe - TrojanDownloader:Win32/Dofoil.D - 33/43 (76.7%)
MD5   : 178bb562d9c0ef2b0a87467dcbd945ee
SHA1  : 9ef75146aeb27102a1e5662284f369a43144225c
SHA256: d1551934d60033c871b377015c8be65d608b33543f149369d1e70361e06dc05e

Upon execution, it phones back to falcononfly2006.ru/blog/task.php?bid=2bfc680038ba2be7&os=5-1-2600&uptime=0&rnd=150156

falcononfly2006.ru - 91.229.90.139, AS6753 - Email: makrogerhouse@yandex.ru

makrogerhouse@yandex.ru is also associated with the following domains:
diamondexchange2011.ru
philippinemoney2011.ru
Bedownloader2011.ru
dolcekomarenoro2011.ru
forsalga102.ru
runescapegpge2011.ru
yomwarayom2001.ru
philippinemoney2011.ru
moneymgmt2011.ru
moneykeep2011.ru
firewallmakeover.ru
czechmoney2011.ru
communityspace2911.ru
brazilianmoney2011.ru

Monitoring of the campaign is ongoing.

This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.

About the author

Donec non enim in turpis pulvinar facilisis. Ut felis. Praesent dapibus, neque id cursus faucibus. Aenean fermentum, eget tincidunt.

0 Comments:

Subscribe to: Post Comments (Atom)