As we have documented in the past, a new (actually, it’s the same as the old one) Fake IRS notification malspam campaign has started up again.Â Â The attack starts with a spam e-mail which appears to be from the Internal Revenue Service informing the victim of a unreported income discrepancy. The link in the e-mail follows a http://www.irs.gov.maliciousdomain.com naming convention in order to trick the user and once the link is clicked on, the victim is presented with an authentic looking IRS website, which attempts to further legitimize itself by referencing the victims name and e-mail address directly in the web page.
The page reads:
Filing and paying your federal taxes correctly and on time is an important part of living and working in the United States.Â Please review (download and execute) your tax statement.
Once the “tax report” is downloaded, the Trojan/Krap.Y malware silently installs in the background and then monitors theÂ infected computer for sensitive information.Â Panda Security users are already protected by this threat, but if you are not a customer and feel that you have been infected, you can download our free cloud antivirus software which will remove the threat.