Cyber criminals are becoming increasingly adept at turning out legitimate-looking spam emails, sometimes making even more experienced users fall for the various scams.
SANS Internet Storm Center handler Manuel Santander warns about an email supposedly sent by the market customer service of Intuit, an American software company that develops widely-used financial and tax preparation software and offers related services:
The email does seem pretty legitimate, but positioning the mouse over one of the offered links shows that the user will be taken to a website that does not seem like it belongs to the company.
It then injects itself into explorer.exe and hooks into another DLL file, and finally reports back to a Russian domain which resolves to a number of IP addresses. The websites on these IP addresses are thematically not connected but, if we judge by another recent Intuit-themed spam campaign, are likely to be compromised and hosting an exploit kit that leads to malware.
The US tax season ends on April 17. Until then, users are advised to be especially careful when reviewing tax-themed emails that manage to make their way into their inboxes.