March 21, 2012Faux IRS and PayPal Messages Spreading Malware
Both of the social engineering tricks shown in the following email examples try to raise the adrenalin of the recipient with the hope that the rush causes immediate clicking or opening. Both involve money (surprise!), either that you are made to think you won't get back (IRS refund) or had lifted from your account (PayPal).
First the fake Internal Revenue Service notification. The Subject: line reads "Your tax return appeal is declined." Then comes the message body that includes logos directly from the irs.gov web site, but in a silly arrangement that makes the IRS look like it's creating a doorbusting sale advertisement:
Loading. Please wait.
That gives you something to look at while the script determines if you are running a susceptible operating system/browser. If your computer qualifies, let the malware loading begin!
Today's PayPal-inspired malware missives look halfway decent (except for the errant HTML end tag).
This observable behavior makes me think the campaigns are related, perhaps by authorship.