http://www.darkreading.com/smb-security/security/attacks/showArticle.jhtml?articleID=227900050
By Kelly Jackson Higgins
DarkReading
Oct 15, 2010
A widespread spam campaign that began several days ago started spiking
today, Oct. 15 -- quarterly tax payment deadline day in the U.S.: The
Zeus-laden attack poses as an alert from the government's electronic tax
payment system, telling recipients that their payment was rejected and
sending them to a link that both infects them and redirects them to the
legitimate electronic federal tax payment system website, eftps.gov.
Researchers at Solera Networks say they first discovered the Zeus tie-in
with the spam run -- which features high volumes of spam emails with
subject lines such as, "LAST NOTICE: Your Federal Tax Payment has been
rejected in the system" -- during the past 24 hours after they had been
investigating a zero-day attack at one of their customers' sites. They
say they were struck both by the volume of the spam run and the layered
method of the attack.
"Late last night we were able to put the pieces of information together
that showed this was very interesting," says Peter Schlampp, vice
president of marketing and product management for Solera Networks. "The
call to action on this campaign is to click on the link, which says
eftps.gov, but in the background is a different URL. It has several
redirects and attempts to exploit your system. If successful, it gets
you to the eftps.gov website, and with a keylogger installed all the
information you [input there] gets sent to [the attacker] as well as the
system, and you become part of the botnet."
The attack uses Zeus Version 2, according to Solera, and is one of the
biggest spam campaigns Solera has ever seen.
[...]