
Thursday, 26 July 2012

"Federal Tax transfer" spam / retweetadministrator.org

These fake "Federal Tax Transfer" spams lead to malware on retweetadministrator.org:


Date:      Thu, 26 Jul 2012 20:56:10 +0530
From:      "Internal Revenue Service" [alerts@irs.gov]
Subject:      Federal Tax transfer returned

Your federal Tax payment (ID: 632004160993), recently from your checking account was rejected by the your financial institution.

Canceled Tax transfer
Tax Transaction ID:     632004160993
Rejection Reason     See details in the report below
Tax Transaction Report     tax_report_632004160993.doc (Microsoft Word Document)


Internal Revenue Service, Metro Plex 1, 8401 Corporate Drive, Suite 300, Landover, MD 20785


==========

Date:      Thu, 26 Jul 2012 20:55:41 +0530
From:      "Internal Revenue Service" [support@irs.gov]
Subject:      Rejected Federal Tax transaction

Your Tax payment (ID: 766644379032), recently initiated from your checking account was rejected by the your financial institution.

Rejected Tax transfer
Tax Transaction ID:     766644379032
Reason of rejection     See details in the report below
FederalTax Transaction Report     tax_report_766644379032.doc (Microsoft Word Document)


Internal Revenue Service, Metro Plex 1, 8401 Corporate Drive, Suite 300, Landover, MD 20785

==========

Date:      Thu, 26 Jul 2012 12:00:54 -0300
From:      "Internal Revenue Service" [support@irs.gov]
Subject:      Rejected Federal Tax transfer

Your federal Tax payment (ID: 776394251906), recently from your checking account was returned by the your financial institution.

Canceled Tax transfer
Tax Transaction ID:     776394251906
Reason of rejection     See details in the report below
FederalTax Transaction Report     tax_report_776394251906.doc (Microsoft Word Document)


Internal Revenue Service, Metro Plex 1, 8401 Corporate Drive, Suite 300, Landover, MD 20785


The malicious payload is on [donotclick]retweetadministrator.org/main.php?page=8b45f871830c6e5a (report here) hosted on 89.253.231.202 (Rusonyx Ltd, Moscow).
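A triage sketch for the template the three samples above share: an IRS sender claim, a "Federal Tax transfer/transaction" subject, a 12-digit ID repeated in the `tax_report_<ID>.doc` lure name, and a Date offset outside the US. This is an added example, not part of the original post; the indicator names, the US-offset heuristic and the threshold of three are assumptions.

```python
import re

# Heuristics drawn from the three samples quoted above; names and threshold are assumptions.
FROM_RE = re.compile(r"^From:[ \t]*.*Internal Revenue Service.*@irs\.gov", re.I | re.M)
SUBJECT_RE = re.compile(r"^Subject:[ \t]*.*Federal Tax (?:transfer|transaction)", re.I | re.M)
DATE_TZ_RE = re.compile(r"^Date:[ \t]*.*[ \t]([+-]\d{4})[ \t]*$", re.M)
ID_RE = re.compile(r"\(ID:\s*(\d{12})\)")
REPORT_RE = re.compile(r"tax_report_(\d{12})\.doc")

# UTC offsets used in US states (Eastern daylight time through Hawaii).
US_OFFSETS = {"-0400", "-0500", "-0600", "-0700", "-0800", "-0900", "-1000"}

def indicators(message: str) -> list:
    hits = []
    if FROM_RE.search(message):
        hits.append("claims-irs-sender")
    if SUBJECT_RE.search(message):
        hits.append("tax-transfer-subject")
    # The same 12-digit ID appears in the body and in the lure's file name.
    if set(ID_RE.findall(message)) & set(REPORT_RE.findall(message)):
        hits.append("id-reused-in-report-name")
    tz = DATE_TZ_RE.search(message)
    if tz and tz.group(1) not in US_OFFSETS:
        hits.append("non-us-date-offset")
    return hits

def is_campaign_match(message: str, threshold: int = 3) -> bool:
    return len(indicators(message)) >= threshold

# First sample from this post, trimmed to the lines the checks read.
SAMPLE_SPAM = """Date:      Thu, 26 Jul 2012 20:56:10 +0530
From:      "Internal Revenue Service" [alerts@irs.gov]
Subject:      Federal Tax transfer returned

Your federal Tax payment (ID: 632004160993), recently from your checking account was rejected by the your financial institution.
Tax Transaction Report     tax_report_632004160993.doc (Microsoft Word Document)
"""

# Constructed benign message for contrast.
SAMPLE_BENIGN = """Date:      Thu, 26 Jul 2012 09:12:03 -0500
From:      "Example Bank" [statements@bank.example]
Subject:      Your July statement is ready

Your statement for account ending 1234 is available online.
"""

if __name__ == "__main__":
    for name, msg in (("spam", SAMPLE_SPAM), ("benign", SAMPLE_BENIGN)):
        print(name, indicators(msg), is_campaign_match(msg))
```

The offset check is the weakest of the four signals on its own, which is why a match requires several indicators together.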
