With the US tax deadline drawing closer, criminals have stepped up their use of www.vnunet.com.
Researchers at Symantec have documented new attacks which use the tax season as a way to lure users into downloading malware.
"We have recently observed a few new types of spam in relation to tax season. This spam being of a more sinister type as it directs you to download a virus," wrote Symantec researcher Kelly Conley.
One of the attacks directly mimics the US Internal Revenue Service (IRS). The user is sent an email from what appears to be an IRS email address. The message tells the user that a new law has been passed requiring all users to download special software in order to file their taxes.
The email then directs the user to what appears to be an official IRS web page. In reality, the URL redirects to another page which then installs a Trojan application. Believing the software to be genuine, the user then launches the Trojan and installs the malware.
Conley also noted a second attack which attempts to mimic the TurboTax tax preparation software. Like the first attack, the message tells the user that a new law is requiring users to update their software. The user is directed to a fraudulent TurboTax update page which leads to the download of a Trojan.
The researcher noted that users can spot the attack by the distinct " turbotax.cn" domain of the sender and the use of a suspicious address for the download page.
"Be alert during tax season for those preying on you for sinister purposes such as stealing of personal information and spreading viruses," warned Conley.
"Above all, do not download anything on your computer unless you are sure that it is what it says it is and comes from someone you know and trust or a reputable company."
Cybercrooks step up taxing attacks
By Shaun Nichols on Mar 19, 2008 7:34AM