Warning - virus from HMRC

Email from:
"Support"
Received at 18:07 today.
Subject:
"Pay tax today with HM Revenue & Customs!"

Body of email formatted with genuine HMRC logos.
Text includes: "HMRC's Online Services are a quick and convenient way for you or your authorised agents to deal with a whole range of tax, excise and benefit related issues."
"The benefits of doing it online include:

* It is quick and convenient.
* It is safe and secure. "
"Please complete the form given in attachment fully and submit (ddctaxform.pdf)."
The file attachment is in fact:
ddctaxform.pdf.exe. Computers set up to hide known file extensions will not show the ".exe" so it will look like a genuine PDF.

This was NOT detected by Norton Antivirus definitions of 27-Feb-2006.

The suspect file was submitted to Symantec who confirm that it is Download.Trojan - a non-repairable threat.

"Symantec Security Response has determined that the sample(s) that you provided are infected with a virus, worm, or Trojan. We have created RapidRelease definitions that will detect this threat. Please follow the instruction at the end of this email message to download and install the latest RapidRelease definitions."

Click this link for the Symantec ftp site.

A query to HMRC helpdesk (which is of course open between 8am and 10pm Monday to Friday) gets the usual reply - we will get back to you in the next few days.
Chas Dytham
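
The double-extension disguise described in the post above (ddctaxform.pdf.exe appearing as a PDF when known extensions are hidden) can be checked for at a mail gateway or in triage. This is an added example, not part of the original post; the extension lists, the function names and the sample message (including the sender address) are constructed for illustration.

```python
import os
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Document-like extensions used as the visible decoy (assumed list).
DECOY = {".pdf", ".doc", ".xls", ".txt", ".jpg", ".zip"}


def hidden_extension_view(filename):
    """Return the name shown when known extensions are hidden, if that
    view masks an executable behind a document extension; else None."""
    # Windows ignores trailing dots and spaces, so normalise them away.
    name = filename.strip().rstrip(". ")
    shown, outer = os.path.splitext(name)
    if outer.lower() not in EXECUTABLE:
        return None
    shown = shown.rstrip()  # padding spaces before the real extension
    _, inner = os.path.splitext(shown)
    return shown if inner.lower() in DECOY else None


def flag_attachments(msg):
    """List (real_name, displayed_name) for each deceptive attachment."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        shown = hidden_extension_view(name)
        if shown:
            findings.append((name, shown))
    return findings


def build_sample():
    """Constructed message modelled on the one described in the post."""
    msg = EmailMessage()
    msg["From"] = "Support <support@example.invalid>"
    msg["Subject"] = "Pay tax today with HM Revenue & Customs!"
    msg.set_content("Please complete the form given in attachment.")
    for fname in ("ddctaxform.pdf.exe", "notes.pdf", "setup.exe"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg


if __name__ == "__main__":
    for real, shown in flag_attachments(build_sample()):
        print(f"{real!r} would display as {shown!r}")
```

Only the first attachment is flagged: a plain .pdf and an undisguised .exe both show what they are, so the check targets the mismatch rather than executables in general.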

Replies (2)

By User deleted
28th Feb 2006 16:36

Thanks Chas
I don't pretend to understand all that, but many thanks for the warning.

John Stokdyk, AccountingWEB head of insight
By John Stokdyk
01st Mar 2006 17:06

Not pretty
Thanks too, Chas.

It's an old virus, but dressed up in ugly new clothing that could trick the unwary.

I was going to suggest that many viruses assume aliases from names in your Outlook in-box and address book, but whoever cooked this one up put a lot of effort into camouflaging the code in a plausible HMRC-style message.

I'll give a wider airing to your warning on our news pages and hope it helps to put people on their guard.

NB - NEVER open an attachment unless you are completely convinced that it is from a bona fide source.

John Stokdyk
Technology editor
AccountingWEB.co.uk
