Zeus malware used by Avalanche gang in IRS phishing scam

E-mails that say they're from the IRS may be Zeus malware. The IRS does not send e-mails. CC by Navarr/Flickr

The notorious Avalanche web crime syndicate is perpetrating an IRS phishing scam that is infesting the Internet. The IRS phishing scam begins with a fake e-mail notifying the marks that errors in their tax returns require clicking on a link in order to correct the mistake. It is important to realize that the IRS never sends out e-mails, and that clicking on the link starts a chain reaction that could clean out the bank accounts of the recipients and all their contacts.

Delete IRS e-mails

Those who are pretty gullible will likely fall into the trap that the IRS phishing scam sets with the bogus e-mails from the IRS. CBS Money Watch’s Jane Bryant Quinn got some of these e-mails. She said she got a few last week. The e-mails bore the urgent subject line “LAST NOTICE,” and followed with “We decline your Federal tax payment” or “The Identification Number used in the company identification field is not valid.” The e-mails have the appearance of coming from the Electronic Federal Tax Payment System. The website for EFTPS is where many pay their taxes by making online payments.

Zeus malware

The Avalanche gang is doing something new with the IRS phishing scam. The way of phishing that most people use is getting people to enter personal information on bogus websites. Now Avalanche is using a nasty password-stealing malware called Zeus. People’s account information is stolen with Zeus without the cooperation of those people. If people click on the link in an IRS phishing scam e-mail, they are taken to a drive-by download site. Just landing on the page allows Zeus to infect a PC. All accounts that the victim has online can be hacked. Everyone you know will end up with an e-mail, too. Zeus sends the bogus e-mail to everyone in your address book.

How much went to the Avalanche gang

According to ZDNet, the Avalanche gang has moved from conventional phishing to sending out billions of faked messages from tax authorities, false updates from social networking sites and other scams that lure unsuspecting people into the clutches of Zeus. Reports came from the Anti-Phishing Working Group. Apparently, throughout the world, millions have been stolen through Zeus. No purported members of the Avalanche gang have been caught. The Avalanche gang has used Zeus to become the most successful bank robbers in history.

Articles cited

CBS Money Watch

ZDNet

Gov Info Security