Sponsored by..

Monday, 22 July 2013

IRS.gov "Complaint Case #488870383295" spam / Complaint_488870383295.zip

This spam contains a malicious attachment, but seems to confuse the roles of the BBB and the IRS.

Date:      Mon, 22 Jul 2013 09:59:08 -0500 [10:59:08 EDT]
From:      "IRS.gov" [fraud.dep@irs.gov]
Subject:      Complaint Case #488870383295

You have received a complaint in regards to your business services.
The complaint was filled by Mr./Mrs. Ulivo DELERME on 07/22/2013/

Case Number: 488870383295

Instructions on how to resolve this complaint as well as a copy of the original complaint are attached to this email.

Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them: Claims based on product liability; Claims for personal injuries; Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.

The decision as to whether your dispute or any part of it can be arbitrated rests solely with the IRS.

The IRS offers a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.

2013 Council of IRS, Inc. All Rights Reserved.

Attached to the email is a ZIP file Complaint_488870383295.zip which in turn contains an executable Complaint_07222013.exe which is bad news. VirusTotal detection rates are a so-so 14/47.

ThreatExpert and Comodo CAMAS give a little background information, but in this case the Malwr analysis seems to be the most comprehensive and shows traffic out the the following compromised sites:


The second part has a much lower detection rate of just 2/47. At the moment this second stage is still being analysed.

No comments: