Cybercriminals are circulating a variant of the ZeuS Trojan via a spam campaign that claims to offer tax refunds, the Australian Taxation Office (ATO) has warned.
The scam emails claimed to be from the ATO and contained Trojan.Zbot malware within a zip file named ‘Restore your account’.
Also included in the zip file was a message that asked recipients to provide their personal and credit or debit card details in order to receive a refund.
Tax Commissioner Michael D’Ascenzo warned the community that the ATO would never request those details by email.
“Any email requesting personal and credit or debit card details before a refund can be released is a hoax,” he stated.
According to security vendor Symantec, Trojan.Zbot affected Windows Vista and previous Windows operating systems and was used to steal confidential information from a compromised computer.
It typically gathered system information, online credentials and banking details contained within the Windows Protected Storage (PStore) system.
The malware was believed to have been used in the theft of US$415,000 from the Bullitt County treasury in Kentucky in mid-2009.