I've received reports of suspicious emails claiming to be from the IRS. It's a common scheme to get a user to click and run an executable. It looks like Zeus/Zbot to me (more on that here: https://zeustracker.abuse.ch/faq.php; their cert is a little non-standard), but I can't share the details yet. If you've received one of these emails and don't mind sharing the details with our readers, please submit a copy (via http://isc.sans.org/contact.html). If you want to check out your own logs in the meantime, I'd suggest looking for domains that look like www.irs.gov.<stuff> and downloaded executables with the word "tax" in them. For those with enough free time to try to track the different groups using Zeus, this one has an Avalanche feel to it.
Kevin Liston, ISC Handler, Mar 25th 2010
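The log check suggested in the diary, written out as an added example (not code from the diary or from ISC). It assumes a space-separated proxy log of the form "timestamp client method URL status"; the sample lines, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit
import posixpath

# Constructed sample lines (assumed format: timestamp client method URL status).
SAMPLE_LOG = """\
2010-03-25T09:14:02 10.0.0.21 GET http://www.irs.gov/individuals/index.html 200
2010-03-25T09:15:40 10.0.0.37 GET http://www.irs.gov.example-lookalike.test/refund/notice.php 200
2010-03-25T09:15:44 10.0.0.37 GET http://www.irs.gov.example-lookalike.test/refund/tax-statement.exe 200
2010-03-25T09:20:11 10.0.0.52 GET http://downloads.example.test/tools/TaxForm2010.EXE 200
2010-03-25T09:22:30 10.0.0.52 GET http://downloads.example.test/tools/setup.exe 200
"""

LEGIT = "irs.gov"

def lookalike_host(host):
    """True when irs.gov appears as leading labels of some other domain."""
    host = host.lower().rstrip(".")
    if host == LEGIT or host.endswith("." + LEGIT):
        return False  # genuinely under irs.gov
    return host.startswith(LEGIT + ".") or ("." + LEGIT + ".") in host

def tax_executable(path):
    """True for a downloaded .exe whose file name contains 'tax'."""
    name = posixpath.basename(path).lower()
    return name.endswith(".exe") and "tax" in name

def scan(log_text):
    """Return (client, url, reasons) for every line that matches either check."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip lines that do not fit the assumed format
        client, url = fields[1], fields[3]
        parts = urlsplit(url)
        reasons = []
        if parts.hostname and lookalike_host(parts.hostname):
            reasons.append("irs.gov lookalike host")
        if tax_executable(parts.path):
            reasons.append("tax-named executable")
        if reasons:
            hits.append((client, url, reasons))
    return hits

if __name__ == "__main__":
    for client, url, reasons in scan(SAMPLE_LOG):
        print(client, url, "; ".join(reasons))
```

The host test compares whole DNS labels, so the real www.irs.gov is not flagged while www.irs.gov.<stuff> is; the "tax" file-name match is broad and its hits need manual triage.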