BBB/IRS Phishes and the Chinese Connection

June 7th, 2007

Recently we detailed the workings of two different phishing emails designed to install malware on the computers of executives through social engineering ploys. The first ploy was an email pretending to be a complaint routed through the Better Business Bureau. We saw this used to install two different families of malware. The second ploy, posing as a criminal investigation notice from the IRS, has now been seen installing the same two families of malware.

The one that got our attention in the first place, known as Troj-iwebho, has a simple yet powerful tactic - steal ALL data being sent from the victim’s web browser. Banking, email, shopping, stock trading, prescription/healthcare data and casual (sometimes very personal) browsing - everything the user does online is databased by the attacker. It seems on the surface that it makes for an identity theft scam with a very high payoff potential.

Read more…