{"id":6316,"date":"2012-03-09T12:20:54","date_gmt":"2012-03-09T19:20:54","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=6316"},"modified":"2024-03-29T10:56:26","modified_gmt":"2024-03-29T16:56:26","slug":"spamvertised-your-accountant-license-can-be-revoked-emails-lead-to-client-side-exploits-and-malware","status":"publish","type":"post","link":"https://www.webroot.com/blog/2012\/03\/09\/spamvertised-your-accountant-license-can-be-revoked-emails-lead-to-client-side-exploits-and-malware\/","title":{"rendered":"Spamvertised &#8216;Your accountant license can be revoked&#8217; emails lead to client-side exploits and malware"},"content":{"rendered":"<p>Cybercriminals are currently spamvertising a malicious email campaign that&#8217;s designed to trick you into clicking on a bogus <strong>complaint.pdf<\/strong> link which\u00a0ultimately leads to client-side exploits and malware.<\/p>\n<p>The campaign is launched by the same gang that launched the &#8220;<strong>Spamvertised \u2018Termination of your CPA license\u2019<\/strong> &#8221; malicious campaign last month.<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/webrootblog.files.wordpress.com\/2012\/03\/account_revocation_exploits_malware.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter  wp-image-6317\" title=\"account_revocation_exploits_malware\" src=\"http:\/\/webrootblog.files.wordpress.com\/2012\/03\/account_revocation_exploits_malware.png\" alt=\"\" width=\"329\" height=\"227\" \/><\/a><\/p>\n<p>More details:<\/p>\n<p><!--more--><\/p>\n<p><strong>Spamvertised subjects:<\/strong>\u00a0<em>Your accountant license can be revoked; Rejection of your tax appeal;\u00a0Fraudulent tax return assistance accusations;\u00a0Tax return fraud notification;\u00a0Internal Revenue service notification;\u00a0Income tax return fraud accusations<\/em><\/p>\n<p><strong>Spamvertised message:<\/strong> <em>We have received a complaint about your possible participation in income tax refund infringement on behalf of one of your clients. According to AICPA Bylaw Paragraph 765 your Certified Public Accountant status can be revoked in case of the aiding of submitting of a misguided of fraudulent tax return on the member&#8217;s or a client&#8217;s behalf.<\/em><\/p>\n<p><em>Please familiarize yourself with the complaint below and provide your feedback to it within 14 days. The failure to provide the clarifications within this term will result in withdrawal of your CPA license.<\/em><\/p>\n<p><strong>Spamvertised URL:<\/strong>\u00a0<em>hxxp:\/\/www.inductiveminds.com\/wp-includes\/aic.html<\/em><\/p>\n<p>Upon clicking on the link, end and corporate users are exposed to a mix of client-side exploits that ultimately drop malicious software on the targeted hosts. In this case, \u00a0the campaign attempts to exploit\u00a0Libtiff integer overflow in Adobe Reader and Acrobat (<strong><a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-0188\">CVE-2010-0188<\/a><\/strong>), and\u00a0Help Center URL Validation Vulnerability (<strong><a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-1885\">CVE-2010-1885<\/a><\/strong>), ultimately dropping malware with <strong>MD5:0e8ca3f42bc4cc8df8acccb8a4d4af67<\/strong>.<\/p>\n<p>Avoid interacting with these emails.\u00a0Report them as malicious as soon as possible, and also ensure you&#8217;re using the<strong><a href=\"http:\/\/secunia.com\/vulnerability_scanning\/personal\/\"> latest version of\u00a0your third-party software<\/a><\/strong> and <strong><a href=\"http:\/\/www.mozilla.org\/en-US\/plugincheck\/\">browser plugins<\/a><\/strong>\u00a0when you browse the Web.<\/p>\n<p><em>You can find more about Dancho Danchev at his\u00a0<strong><a href=\"http:\/\/nl.linkedin.com\/in\/danchodanchev\">LinkedIn Profile<\/a><\/strong>. You can also\u00a0<strong><a href=\"http:\/\/www.twitter.com\/danchodanchev\">follow him on \u00a0Twitter<\/a><\/strong>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals are currently spamvertising a malicious email campaign that&#8217;s designed to trick you into clicking on a bogus complaint.pdf link which\u00a0ultimately leads to client-side exploits and malware. The campaign is launched by the same gang that launched the &#8220;Spamvertised \u2018Termination of your CPA license\u2019 &#8221; malicious campaign last month. More details:<\/p>\n","protected":false},"author":65,"featured_media":17048,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[3881,10343,10115,9563,9921,5135,10111,10105,7041,10097,9923,4797,4065,3477,7231,10113,5883,6531,7215,10107],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/6316"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=6316"}],"version-history":[{"count":2,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/6316\/revisions"}],"predecessor-version":[{"id":32807,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/6316\/revisions\/32807"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17048"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=6316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=6316"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=6316"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=6316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}