Sponsored by..

Monday 6 February 2012

"Your tax information needs verification" / hakkacraft.com and hakkayard.com

Another version of this spam leading to a malicious web page..

Date:      Mon, 5 Feb 2012 13:43:16 +0000
From:      "INTUIT INC." [tools@intuit.com]
Subject:      Your tax information needs verification.


With intent to assure that correct data is being maintained on our systems, and to be able to grant you better quality of service; INTUIT INC. has partaken in the Internal Revenue Service [IRS] Name and TIN Matching Program.

We have found out, that your name and/or Employer Identification Number, that is specified on your account is not in compliance with the information on file with the IRS.

In order to check and update your account, please click here.

Yours truly,

Corporate Headquarters
2632 Marine Way
Mountain View, CA 94043

The link in the email bounces through a couple a hacked legitimate sites and then lands on http://hakkacraft.com/search.php?page=73a07bcb51f4be71 (Wepawet report is here). There is a subsequent download attempted from hakkayard.com/forum/index.php?showtopic=656974

hakkacraft.com is hosted on (Zerigo Inc / wehostwebsites.com, US). hakkayard.com is on (Linode, US). Blocking the IP addresses will block any other malicious sites on the same server.

No comments: