
SC Exclusive: Spyware disguises itself as IRS tax notification

The only certain things in this world are death, taxes and tax-based cyber scams. Today, IT security company Fortinet has pointed out one of the latest tax scams to befoul the Internet -- this one in the form of a spyware program disguised as an IRS tax return notification.

According to an analysis by Fortinet security researcher Xiaopeng Zhang, the Windows-based malware collects infected victims' system information, takes screenshots and records keystrokes, and then exfiltrates this data to a command-and-control server. Stolen system information includes the machine's name, user name, system type and system version.

Discovered on April 5, the spyware is in essence a malicious .VBE (VBScript Encoded Script) file whose code is embedded into a JPEG file in order to bypass anti-virus solutions. The .VBE file operates on the Microsoft .NET environment, and by default it is executed without notification by the program Wscript.exe or Cscript.exe.

"IRS scams we saw before relied on macro-laden Word documents. When users open them, a warning is usually shown to ask users to enable [the] macro so that the malicious code inside them can be executed," said Zhang, in an exclusive first-run email interview with SC Media. "However, this scam uses a .VBE file which can be executed without any warning when users double-click it. This makes the malware infection more efficient and effective."

According to Zhang, Fortinet may name the spyware SpamUSA because the observed malware sample contains the fixed string "SPAMUSAAAAAAAAA".
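A defender-side triage check for mail attachments built on the traits reported above, as an added example that is not Fortinet's or SC Media's code. The fixed string comes from the article; the Script Encoder header `#@~^`, the UTF-16LE search, the name `triage_attachment` and the sample bytes are assumptions or constructed here, and a string match alone is a weak indicator.

```python
"""Attachment triage for the traits this article reports (added example)."""
from pathlib import PurePath

# Fixed string quoted in the article. Where it sits in the sample is not stated,
# so it is searched as raw ASCII and as UTF-16LE (an assumption).
MARKER = "SPAMUSAAAAAAAAA"
MARKER_FORMS = (MARKER.encode("ascii"), MARKER.encode("utf-16-le"))

# Script types that wscript.exe / cscript.exe run when double-clicked.
WSH_EXTENSIONS = {".vbe", ".vbs", ".jse", ".js", ".wsf", ".wsh"}

JPEG_MAGIC = b"\xff\xd8\xff"      # JPEG start-of-image bytes
ENCODED_SCRIPT_START = b"#@~^"    # header written by the Script Encoder (.vbe/.jse)

# Constructed sample inputs (not real malware, not taken from the article).
CLEAN_JPEG = JPEG_MAGIC + b"\xe0" + bytes(32)
ENCODED_ONLY = ENCODED_SCRIPT_START + b"constructed-body"
JPEG_WITH_SCRIPT = CLEAN_JPEG + ENCODED_ONLY + MARKER.encode("ascii")


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment deserves quarantine; empty list if none."""
    reasons = []
    ext = PurePath(filename).suffix.lower()
    is_jpeg = data.startswith(JPEG_MAGIC)
    has_encoded_script = ENCODED_SCRIPT_START in data

    if ext in WSH_EXTENSIONS:
        reasons.append(f"WSH-executable extension {ext}")
    if has_encoded_script and ext not in (".vbe", ".jse"):
        reasons.append("encoded-script header in a file not named .vbe/.jse")
    if is_jpeg and has_encoded_script:
        reasons.append("JPEG magic bytes plus encoded-script header")
    if ext in (".jpg", ".jpeg") and not is_jpeg:
        reasons.append("image extension without JPEG magic bytes")
    if any(form in data for form in MARKER_FORMS):
        reasons.append(f"fixed string {MARKER} present")
    return reasons


if __name__ == "__main__":
    for name, blob in [("photo.jpg", CLEAN_JPEG),
                       ("IRS_notice.vbe", ENCODED_ONLY),
                       ("refund.jpg", JPEG_WITH_SCRIPT)]:
        print(name, "->", triage_attachment(name, blob) or "no findings")
```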

Bradley Barth

