
FROM THE IGLOO

Dispatches from Tech Ops

A recent spam campaign that pretends to be from the IRS is playing on people’s fear of the tax man to propagate malware. The email carries the subject line “Notice of Underreported Income” and requires the victim to either install the Trojan attachment or click on a Web link in order to view their “tax statement.” In fact, that link takes the victim to a malicious Web site.

This campaign is in its third week and continues to grow with reported estimates that it constitutes almost 10% of all spam. The malware attachment is a variant of the hard-to-detect Zeus Trojan. This software hacks into bank accounts and drains them of money as part of a widespread financial fraud scheme. Researchers estimate that the Zeus criminals are emptying more than a million dollars per day out of victims’ bank accounts with the software.

Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, has tested this malware. He found that only five of the 41 antivirus detection systems used by VirusTotal managed to spot it. The following quote sums up why AV alone is not enough and why whitelisting (Faronics Anti-Executable) needs to be added to your layered security strategy.

“It’s difficult to stay ahead of it via antivirus because the Zeus binaries are changing a few times a day to evade detection,” said Paul Ferguson, a researcher with Trend Micro, via instant message. “It’s definitely a problem.”
