
"Your Federal Tax Payment rejected" spam mail leads to Malware

MX Lab has intercepted new spam emails with the subject “Your Federal Tax Payment ID: 2636335 is failed”; the ID number changes with each email.

The email is sent from spoofed addresses and has the following body:
Your Federal Tax Payment ID: 901757127 has been rejected.
Return Reason Code R21 – The identification number used in the Company Identification Field is not valid. Please, check the information and refer to Code R21 to get details about your company payment in transaction contacts section:
report_177329.pdf.exe (self-extracting archive, Adobe PDF)
In other way forward information to your accountant adviser.
EFTPS: The Electronic Federal Tax Payment System
PLEASE NOTE: Your tax payment is due regardless of EFTPS online availability. In case of an emergency, you can always make your tax payment by calling the EFTPS
The trojan is disguised as a self-extracting archive that contains a PDF file. The embedded URL “report_177329.pdf.exe” leads to hxxp:// and a 200 kB file, report.pdf.exe, is downloaded.

At the time of writing, only 2 of the 41 AV engines at VirusTotal detected the trojan.
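
A mail-filter check for the two traits described above, the subject line with its changing ID and the `.pdf.exe` double extension, given here as an added example that is not MX Lab's code. The extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Decoy (document-like) and executable extensions; both sets are assumptions to tune.
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}
EXEC_EXT = {"exe", "scr", "pif", "bat", "cmd"}

# Subject seen in this campaign; the numeric ID differs per message.
SUBJECT_RE = re.compile(r"Your Federal Tax Payment ID:\s*\d+", re.IGNORECASE)
# Any dotted token such as "report_177329.pdf.exe".
TOKEN_RE = re.compile(r"[\w\-]+(?:\.\w+)+")

def double_extension_names(text):
    """Return names ending in <decoy ext>.<executable ext>, in order, no repeats."""
    found = []
    for token in TOKEN_RE.findall(text or ""):
        parts = token.lower().split(".")
        if len(parts) >= 3 and parts[-2] in DECOY_EXT and parts[-1] in EXEC_EXT:
            if token not in found:
                found.append(token)
    return found

def flag_message(raw):
    """Return the reasons a raw RFC 822 message matches the campaign traits."""
    msg = message_from_string(raw)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.append("subject")
    names = []
    for part in msg.walk():
        # Attachment file names and text bodies (link text) are both checked.
        names += double_extension_names(part.get_filename())
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            names += double_extension_names(body.decode("utf-8", "replace"))
    reasons += ["double-extension: " + n for n in dict.fromkeys(names)]
    return reasons

# Constructed sample built from the subject and body text quoted in the post.
SAMPLE = (
    "From: sender@example.com\n"
    "Subject: Your Federal Tax Payment ID: 2636335 is failed\n"
    "Content-Type: text/plain\n"
    "\n"
    "Your Federal Tax Payment ID: 901757127 has been rejected.\n"
    "report_177329.pdf.exe (self-extracting archive, Adobe PDF)\n"
)

if __name__ == "__main__":
    print(flag_message(SAMPLE))
```

With detection at 2 of 41 engines, a structural rule like this catches the message regardless of whether the payload's signature is known yet.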