Cybercriminals are circulating a variant of the ZeuS Trojan via a spam campaign that claims to offer tax refunds, the Australian Taxation Office (ATO) has warned.

The scam emails claimed to be from the ATO and contained Trojan.Zbot malware within a zip file named ‘Restore your account’.
Also included in the zip file was a message that asked recipients to provide their personal and credit or debit card details in order to receive a refund.
Tax Commissioner Michael D’Ascenzo warned the community that the ATO would never request those details by email.
“Any email requesting personal and credit or debit card details before a refund can be released is a hoax,” he stated.
According to security vendor Symantec, Trojan.Zbot affected Windows Vista and previous Windows operating systems and was used to steal confidential information from a compromised computer.
It typically gathered system information, online credentials and banking details contained within the Windows Protected Storage (PStore) system.
ZeuS malware was created using Trojan-building toolkits that ranged in price from US$40 ($39) to US$4,000, and could force compromised computers to become part of a botnet.
The malware was believed to have been used in the theft of US$415,000 from the Bullitt County treasury in Kentucky in mid-2009.