Malicious E-mails Imitating EFTPS Presently Targeting Taxpayers
MX Lab is warning internet users about malicious e-mails purporting to come from the US Electronic Federal Tax Payment System (EFTPS). EFTPS is the system for paying federal taxes electronically over the internet or by phone in the US. The e-mail, entitled "EFTPS: Company Tax Payment Batch Has Been Rejected," claims that the Federal Tax Payment bearing ID 6558836841 has been rejected.
The Return Reason Code is given as R225, and the message states that the identification number used in the Company Identification Field is not valid. The recipient is asked to check the information and to refer to Code R966 for more details on the company payment in the transaction contacts section, supposedly contained in EFTPS_report_1334022012.pdf (Adobe PDF). The e-mail also states that the tax payment remains due regardless of whether EFTPS is available online.
To appear legitimate and authentic to the recipient, the e-mail adds: "If it's an emergency, you can always make your tax payment by calling the EFTPS," note the MX Lab security professionals currently analyzing the ongoing malicious campaign. The attached ZIP file, EFTPS_Document.zip, contains a 70 KB file named eftps_Document.exe. Note the mismatch: the message body refers to a PDF report, but the attachment is an archive carrying a Windows executable. The Trojan is detected as W32/FakeAlert.OT.gen!Eldorado, Win32/TrojanDownloader.Wauchos.I, UDS:DangerousObject.Multi.Generic or Heuristic.BehavesLike.Win32.Downloader.A.
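The delivery mechanism described above (a "document" lure whose attachment is a ZIP archive wrapping an .exe) can be caught at the mail gateway without relying on antivirus signatures. The following Python script is an added example, not code from MX Lab or from the original article: it inspects a ZIP attachment and flags entries that carry an executable extension, a double extension disguised as a document, or the DOS "MZ" header that every Windows PE file starts with, regardless of how the entry is named. The sample archives are constructed inline; the payload bytes are placeholders with a PE-style header, not the real Trojan, and the benign PDF stub and the "invoice.pdf.exe" name are assumptions for illustration.

```python
import io
import zipfile

# Extensions Windows will run directly when a user double-clicks the extracted file.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar"}
# Extensions a lure typically borrows to make "report.pdf.exe" look like a document.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def looks_like_pe(head: bytes) -> bool:
    """True if the bytes start with the 'MZ' DOS header carried by every Windows PE file."""
    return head[:2] == b"MZ"


def inspect_zip(zip_bytes: bytes) -> list:
    """Return one finding per file entry: its name, size and the reasons (if any) it is suspicious."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            basename = info.filename.lower().rsplit("/", 1)[-1]
            parts = basename.split(".")
            if len(parts) > 1 and "." + parts[-1] in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension")
            if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
                reasons.append("double extension disguised as document")
            # Content check: read only the first two bytes so a large archive costs nothing.
            with zf.open(info) as entry:
                if looks_like_pe(entry.read(2)):
                    reasons.append("PE header (MZ) regardless of extension")
            findings.append({"name": info.filename, "size": info.file_size, "reasons": reasons})
    return findings


def is_suspicious(zip_bytes: bytes) -> bool:
    """Gateway decision: quarantine the message if any entry triggered a reason."""
    return any(finding["reasons"] for finding in inspect_zip(zip_bytes))


def build_campaign_style_archive() -> bytes:
    """Constructed sample shaped like the campaign's attachment: an .exe with a PE-style header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("eftps_Document.exe", b"MZ" + b"\x00" * 70)  # placeholder bytes, not the real Trojan
    return buf.getvalue()


def build_disguised_archive() -> bytes:
    """Constructed sample: a PE renamed to look like a document (no executable extension at all)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x90" * 16)  # hypothetical double-extension name
        zf.writestr("notes.txt", b"MZ" + b"\x90" * 16)        # extension lies, header does not
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed sample: a harmless archive containing only a PDF stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("EFTPS_report.pdf", b"%PDF-1.4\n%stub\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("campaign-style", build_campaign_style_archive()),
                        ("disguised", build_disguised_archive()),
                        ("benign", build_benign_archive())):
        print(label, "suspicious" if is_suspicious(blob) else "clean", inspect_zip(blob))
```

The header check is the one that matters: renaming the payload or nesting it under a document-looking name defeats extension filters, but a PE still has to begin with "MZ" for Windows to run it. In a real gateway this check would run on every archive member, including nested archives, before the message reaches a mailbox.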
At present only a handful of antivirus solutions detect this Trojan: exactly 5 of 46 AV engines flagged it on VirusTotal, the MX Lab experts pointed out. Signature detection this thin at the time of the campaign means blocking executable attachments at the gateway, rather than antivirus alone, is the practical control. Malware-laden fake e-mail campaigns of this kind are also driving an increase in spam in the US, a security expert at the firm said. That conclusion rests on data released by security firm Sophos in its latest "Dirty Dozen" report covering December 2012 to February 2013, according to which one-fifth of spam e-mails over the previous three months were relayed through systems in the US.
Further, this is not the first time EFTPS's name has been abused by cybercriminals in a malicious campaign. In February 2013, a similar malware campaign titled "FW: 2012 AND 2011 Tax Documents; Accountant's Letter" was found to carry the Troj/Agent backdoor Trojan, as reported by security firm Sophos.