Sponsored by..

Tuesday 28 February 2012

IRS Spam / pollypeach.com

Another IRS spam run leading to malware, this time on pollypeach.com.

Date:      Tue, 27 Feb 2012 17:02:45 +0600
From:      "Ofelia Childers"
Subject:      IRS notification of your tax appeal status.



Dear Accountant Officer,
Hereby you are notified that your Income Tax Return Appeal id#0184348 has been REJECTED. If you believe the IRS did not properly assess your case due to a misinterpretation of the case details, be prepared to provide additional information. You can obtain the rejection report and re-submit your appeal under the following link Online Tax Appeal.

Internal Revenue Service
Telephone Assistance for Businesses:
Toll-Free, 1-800-829-4933
Hours of Operation: Monday � Friday, 7:00 a.m. � 7:00 p.m. your local time (Alaska & Hawaii follow Pacific Time).

The malicious payload is on pollypeach.com/search.php?page=73a07bcb51f4be71 and pollypeach.com/content/ap2.php?f=e4649 (see the report here), hosted on 69.163.45.128 (Directspace, US). Blocking the IP rather than the domain will stop any further infections from that server.

No comments: