TRENDLABS ADVISORY: SPOOFED IRS W-2 EMAIL CIRCULATING, CONTAINS MALWARE
A couple of days after the United States Internal Revenue Service (IRS) kicked off the 2010 tax filing season on January 4, Trend Micro researchers received samples of spammed email messages informing recipients that there have been some important changes in the IRS Employers W-2 forms. Below are the details of the email:
****
From: "Internal Revenue Service" update@irs.com
Subject: W-2 Form update
Message body:
Important changes within the IRS Employers W-2 forms.
Attached is a updated version of the W-2 form that needs to be completed by all
Whether you rely on a tax professional or handle your own taxes, the IRS offers you convenient programs to make filing and payment easier.
Spend less time and worry on taxes and more time running your business. Use e-file and the Electronic Federal Tax Payment System (EFTPS) to your benefit.
. For e-file, visit www.irs.gov for additional information.
. For EFTPS, visit www.eftps.gov or call EFTPS Customer Service at 1-800-555-4477.
****
The message also comes with an attachment, which is supposed to be a copy of the updated version of the W-2 form. The attached file (Update.doc) contains an embedded file named W-2update.pdf, which is actually a malicious EXE file. Trend Micro detects both files as TROJ_BUZUS.BQA.
As of this writing, TrendLabs is doing a more in-depth analysis of the threat. New developments about this attack will be posted on blog.trendmicro.com.
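The mismatch described above, a file named W-2update.pdf whose content is really an EXE, can be checked by comparing the extension with the file's leading bytes. The following is an added example, not Trend Micro's detection logic; it assumes the embedded object has already been extracted from the document, the function names are hypothetical, and the sample bytes are constructed and inert.

```python
import struct

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc container
PDF_MAGIC = b"%PDF-"
EXPECTED = {".doc": "ole2", ".pdf": "pdf", ".exe": "pe"}  # extension -> content

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def sniff(data: bytes) -> str:
    """Classify content by signature, independent of the file name."""
    if is_pe(data):
        return "pe"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(PDF_MAGIC):
        return "pdf"
    return "unknown"

def check(name: str, data: bytes) -> dict:
    """Compare what the name claims with what the bytes actually are."""
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    expected, actual = EXPECTED.get(ext), sniff(data)
    return {
        "name": name,
        "claimed": expected,
        "actual": actual,
        "mismatch": expected is not None and actual != expected,
        "executable": actual == "pe",
    }

def make_pe_stub() -> bytes:
    """Constructed sample: bare MZ/PE header bytes only, not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> offset of PE signature
    return bytes(dos) + b"PE\x00\x00" + bytes(20)

# Constructed inputs that reuse the file names from the advisory.
SAMPLES = [("Update.doc", OLE2_MAGIC + bytes(504)),
           ("W-2update.pdf", make_pe_stub())]

if __name__ == "__main__":
    for sample_name, sample_data in SAMPLES:
        print(check(sample_name, sample_data))
```

A result with both "mismatch" and "executable" set is the case the advisory describes and is a reasonable condition for quarantining an attachment at the mail gateway.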


