New Spam-Based Tax, Survey Scams Surface in January


After a comparatively slow start in the first half of the month, spammers and malware purveyors ratcheted up their activity in the latter part of January, peaking at more than 130 million spam messages on January 26, according to security software vendor AppRiver.

Worldwide spam volume hovered between 70 million and 90 million messages per day until January 12, when the prolific Rustock botnet resumed its spam-sending ways, according to AppRiver's "Threat and Spamscape Report" for January.

Perhaps more concerning, however, was the dispiriting spike in malicious spam campaigns using high-profile brands such as McDonald's and Coca-Cola among others to trick people into divulging personal information in a bogus survey promising a cash reward.

AppRiver security analysts also charted a tremendous mid-month surge in malicious content stashed away within images either attached to emails or showcased on infected sites to which users were redirected.

"We saw a huge mid-month spike in spam attempting to obfuscate its content using an image attachment," the report said. "For a few days, we were monitoring levels at more than four times the norm."

U.S. taxpayers can expect a deluge of new IRS and other tax-related spam and malware in the next few months. For UK residents, the scams were in high gear last month ahead of the midnight January 31 filing deadline set by HM Revenue & Customs (HMRC), the UK's version of the IRS.

Intended victims received an unsolicited email spoofing HMRC, warning them that the tax collecting agency had recalculated their returns and discovered that they were owed a sizeable refund. Of course, to get the non-existent refund, they must open a zipped attachment and follow the instructions.

"If recipients did indeed open this document, they would have been treated to an HTML page that could fool some into believing they had ended up on a page from the actual HMRC site," the report said.

But it was just another phishing trap that attempted to elicit users' personal information including credit card and CVV numbers and their mother's maiden name.

While spam levels have been receding in recent months due primarily to unrest among pharmaceutical spam operators and their intermediaries, those interruptions have apparently been offset by the soaring popularity of malware kits available online that allow just about anyone to set up their own phishing or spam operation.

Last month, enterprising malware wholesalers calling themselves "Russia Hackers" rolled out a new toolkit titled RH2.5 kit ver 2011 that promised tools including a "spreading guide to infect 100k victims per day" and access to SpyEye, one of the new up-and-coming botnets circulating the underground malware community.

"The moral here," AppRiver analysts said, "is that as long as there are people out there selling these things, and as long as they continue to make it usable even by the non-technical [user], we're going to continue to see attacks from the script kiddies and professional cybercriminals will continue to grow."

Larry Barrett is a senior editor at, the news service of, the network for technology professionals.
