As expected, cyber criminals have renewed their illicit campaigns to bilk consumers of their money, but also infected them with malware intended to perpetrate identity theft. This sort of effort to fraudulently victimize consumers during the rush up the filing deadline (April 15th) of the U.S Tax season generally always shows up this time of year, but the social-engineering and sophistication continually evolves to ensnare as many victims as possible.

This year is no exception.

Earlier today, Trend Micro researchers began to receive reports of a new, targeted spam campaign which are specifically targeted to high-profile companies — some of them being Fortune 500 companies and U.S. Defense contractors — which would indicate that financial fraud is not the only intended goal of these criminals. Given their targets, they are possibly also looking to infiltrate high-profile companies for other, perhaps more insidious, reasons.

The malicious spam messages all look similar to the image above, and all have a subject line that are identical in format, yet crafted for each individual company:

“Re:tax contract for [company name], Inc.”

The MS Word attachment harbors a Trojan (which Trend Micro will detect as TROJ_DELF.HAV), and if opened, tells the user that “…Microsoft Word has encountered an error and needs to close. Please double click the icon to reload…” — which will initialize the Trojan.

Internet users are reminded that they should NEVER open unsolicited e-mail attachments, especially involving tax issues, and especially during tax season. These types of ploys are always malicious, and can only lead to some very bad experiences.

“Fergie”, a.k.a. Paul Ferguson
Internet Security Intelligence
Advanced Threats Research