Spamvertised ‘Your accountant license can be revoked’ emails lead to client-side exploits and malware

Cybercriminals are currently spamvertising a malicious email campaign that’s designed to trick you into clicking on a bogus complaint.pdf link which ultimately leads to client-side exploits and malware.

The campaign is launched by the same gang that launched the “Spamvertised ‘Termination of your CPA license’” malicious campaign last month.

More details:

Spamvertised subjects: Your accountant license can be revoked; Rejection of your tax appeal; Fraudulent tax return assistance accusations; Tax return fraud notification; Internal Revenue service notification; Income tax return fraud accusations

Spamvertised message: We have received a complaint about your possible participation in income tax refund infringement on behalf of one of your clients. According to AICPA Bylaw Paragraph 765 your Certified Public Accountant status can be revoked in case of the aiding of submitting of a misguided of fraudulent tax return on the member’s or a client’s behalf.

Please familiarize yourself with the complaint below and provide your feedback to it within 14 days. The failure to provide the clarifications within this term will result in withdrawal of your CPA license.

Spamvertised URL: hxxp://www.inductiveminds.com/wp-includes/aic.html

Upon clicking on the link, end users and corporate users are exposed to a mix of client-side exploits that ultimately drop malicious software on the targeted hosts. In this case, the campaign attempts to exploit the Libtiff integer overflow in Adobe Reader and Acrobat (CVE-2010-0188) and the Help Center URL Validation Vulnerability (CVE-2010-1885), ultimately dropping malware with MD5: 0e8ca3f42bc4cc8df8acccb8a4d4af67.

Avoid interacting with these emails. Report them as malicious as soon as possible, and also ensure you’re using the latest version of your third-party software and browser plugins when you browse the Web.
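The lure pairs one of the subjects listed above with a link labelled complaint.pdf whose target is an HTML page. As an added example (not part of the original post), the Python below triages a message on those two traits; the sample message, the `example.invalid` host and the names `LinkCollector` and `triage` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subjects the post lists for this campaign (compared case-insensitively).
CAMPAIGN_SUBJECTS = {s.lower() for s in (
    "Your accountant license can be revoked", "Rejection of your tax appeal",
    "Fraudulent tax return assistance accusations", "Tax return fraud notification",
    "Internal Revenue service notification", "Income tax return fraud accusations",
)}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw_message: str) -> list[str]:
    """Return the reasons a message matches the lure described in the post."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    subject = " ".join((msg["Subject"] or "").split()).lower()
    if subject in CAMPAIGN_SUBJECTS:
        reasons.append("campaign subject")
    body = msg.get_body(preferencelist=("html",))  # None for text-only mail
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        # Lure trait: link text claims a PDF, but the URL path is not a PDF.
        if text.lower().endswith(".pdf") and not urlparse(href).path.lower().endswith(".pdf"):
            reasons.append(f"'{text}' points to non-PDF target {href}")
    return reasons

# Constructed sample message (not a captured email); host is a placeholder.
SAMPLE = """\
Subject: Your accountant license can be revoked
Content-Type: text/html; charset=utf-8

<a href="http://example.invalid/notice.html">complaint.pdf</a>
"""
```

Calling `triage(SAMPLE)` returns both reasons, while a message whose link text and target are both PDFs under an unrelated subject returns an empty list.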

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

