“While each email differs in its template, the goal is the same: to infect computers with an information-stealing Trojan that logs keystrokes. It also collects system information like titles of open windows and the operating system version that is sent back to the attacker command and control server,” he said.
The mails stating that money has been deducted contain an attached file that claims to be a receipt for the payment. The alleged receipts are ZIP files that contain information-stealing malware that Symantec detects as Infostealer.Donx, he said.
On the other hand, the authentic-looking mail with the Personal Account Number (PAN) (used to identify taxpayers in India) contains an attached ZIP file that is not password-protected.
“Contrary to what the email claims, the ZIP file does not contain a PDF. Instead, it contains another information-stealing Trojan that Symantec detects as Trojan.Gen,” Narang said.
He added that the attackers spoof the domain for email addresses belonging to the Income Tax Department of India in an effort to make the emails look more convincing.
“In India, the IT-Department does send intimation emails to taxpayers. While these emails include attachments, they are password-protected using the taxpayers’ PAN and date of birth/date of incorporation. This is unique to each entity and adds credibility that the source of the email is the IT Department,” he said.
Narang added that one should avoid opening suspicious-looking mails and report the email to the Indian Computer Emergency Response Team (CERT-In).
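A triage check for the distinction described above, as an added example that is not from the original article: it reports whether a ZIP attachment is password-protected and whether its members are PDFs, without extracting anything. The extension list, function names and sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Assumption: extensions treated as executable content for this triage.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def triage_zip_attachment(data: bytes) -> dict:
    """Report whether a ZIP attachment is password-protected and what it holds."""
    findings = {"encrypted": False, "members": [], "reasons": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings["reasons"].append("not a valid ZIP archive")
        return findings
    with archive:
        infos = [i for i in archive.infolist() if not i.is_dir()]
        # Bit 0 of the general-purpose flag marks a password-protected member.
        findings["encrypted"] = bool(infos) and all(i.flag_bits & 0x1 for i in infos)
        for info in infos:
            findings["members"].append(info.filename)
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in EXECUTABLE_EXTS:
                findings["reasons"].append(f"executable member: {info.filename}")
            elif ext != ".pdf":
                findings["reasons"].append(f"non-PDF member: {info.filename}")
    if not findings["encrypted"]:
        findings["reasons"].append("archive is not password-protected")
    return findings

def build_sample(names):
    """Build a constructed, unencrypted ZIP holding the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, b"constructed sample content")
    return buf.getvalue()

def mark_encrypted(data: bytes) -> bytes:
    """Set the encryption flag in each central-directory header (sample only)."""
    out = bytearray(data)
    pos = out.find(b"PK\x01\x02")
    while pos != -1:
        out[pos + 8] |= 0x01  # low byte of the general-purpose flag field
        pos = out.find(b"PK\x01\x02", pos + 4)
    return bytes(out)
```

An empty `reasons` list only means the attachment matches the format the article attributes to genuine intimation emails; it says nothing about the sender or the content behind the password.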