Subject: Notice of Underreported Income
Taxpayer ID: e0cdd8db-00000684284766US
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)
Please review your tax statement on Internal Revenue Service (IRS) website (click on the link below):
review tax statement for taxpayer id: e0cdd8db-00000684284766US
Internal Revenue Service
Two changes are that my email address is no longer part of the "taxpayer id", nor is it part of the URL to which the spam directs me.
When I followed the link in the most recent spam message, I "eventually" end up on the website:
http://www.irs.gov.nerrasssb.co.uk/fraud_application/directory/statement.php?tid=target-00000169290787US
however, that URL is *NOT* what is present in the email message!
http://geocities.com/AnnabelleRichardson78/yredaxubu.htm
http://geocities.com/AshleyWyatt42/ohulociqam.htm
http://geocities.com/AustinHobbs20/nulaxubumul.htm
http://geocities.com/AveryGoodwin43/ihociqamy.htm
http://geocities.com/bcwowpuyne/yredaxubu.htm
http://geocities.com/BillSantos33/nulaxubumu.htm
http://geocities.com/BriannaHensley06/yredax.htm
http://geocities.com/DamienMorris57/apegapyzap.htm
http://geocities.com/ddfsteyxbext/alynahej.htm
http://geocities.com/DevinSnyder65/ikahejov.htm
http://geocities.com/EdwinRandall53/nulaxubumul.htm
http://geocities.com/EltonLawson02/uwalajahe.htm
http://geocities.com/foayoqetpxe/nulaxu.htm
http://geocities.com/FreddyCampbell36/ohuloc.htm
http://geocities.com/hshybmbcg/alynah.htm
http://geocities.com/KirbyRaymond27/ociqam.htm
http://geocities.com/kktpxdqnhb/ulociqamy.htm
http://geocities.com/kmbxpkrkpe/byhegap.htm
http://geocities.com/ktywgegrcudf/byhegapy.htm
http://geocities.com/LiliaMathews67/yredaxubu.htm
http://geocities.com/MarionHudson45/nulaxu.htm
http://geocities.com/MasonSalinas48/rociqamynah.htm
http://geocities.com/MiguelPatterson69/ohuloci.htm
http://geocities.com/MilesFlowers05/alynah.htm
http://geocities.com/msxpytqms/apegapyz.htm
http://geocities.com/MurrayWaters50/byhegapy.htm
http://geocities.com/nmxtumdrfrff/alynah.htm
http://geocities.com/npxqrwxww/apegapyz.htm
http://geocities.com/ocaxbasohmgo36/hiqamyna.htm
http://geocities.com/rhauwqyee/nulaxubumul.htm
http://geocities.com/RobinWhitley59/byhegapy.htm
http://geocities.com/RussChandler61/yredax.htm
http://geocities.com/sfgesqfhrtrx/yredaxubu.htm
http://geocities.com/ShirleyTrevino49/bumulociqa.htm
http://geocities.com/TanyaWeber50/nulaxubumu.htm
http://geocities.com/TiffanyKirby11/yredaxubumu.htm
http://geocities.com/TyreeOsborne93/byhegapyz.htm
http://geocities.com/ufxesabsq/apegap.htm
http://geocities.com/WadeJoyce45/mulociqam.htm
http://geocities.com/yoqrawycf/yredaxubumu.htm
http://geocities.com/zgdgesbnw/ynahejoveke.htm
http://geocities.comgeoffreyPowell47/yredaxubum.htm
Of course none of these URLs actually is the final destination.
The current malware is
File size: 89600 bytes
MD5...: d62e9d994d587e94e04ad3f75ff14f69
you can see a VirusTotal report which shows a 6 of 41 detection rate. Only six anti-virus products out of 41 currently know that this is malware.
No comments:
Post a Comment
Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.