Email “ATTN: Early 2013 Tax Return Report!” contains trojan


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “ATTN: Early 2013 Tax Return Report!”.

This email is send from the spoofed address “Internal Revenue Service <tax-refund@irs.gov>” and has the following body:

Dear Member

Here is a report on your early 2013 Federal Tax return report. Kindly download the attachment to view your report and start filling for 2013 return as early as second week of December.

Thanks

Internal Revenue Service
915 Second Avenue, MS W180
Seattle, WA 98174-0041
http://www.irs.gov/

The attached ZIP file has the name Early2013TaxReturnReport_0B94710736.zip and contains the 102 kB large file Early2013TaxReturnReport_FA9433B43__random_chars__3393954885.pdf.exe.

The trojan is known as a variant of Win32/Injector.AUZX or Trojan.Agent.ED.

At the time of writing, 2 of the 47 AV engines did detect the trojan at Virus Total.

Use the Virus Total permalink and Malwr permalink for more detailed information.
SHA256: bcbd43ec615225cede44318677c65f89c9113705c4cd7f975ea3d4c327a18bd5.

3 thoughts on “Email “ATTN: Early 2013 Tax Return Report!” contains trojan

Comments are closed.