As the deadline for global tax returns to be filed ends this weekend, residents of the US state of Oklahoma have been hit by a security scare.
Roger Thompson, chief research officer at AVG, detected that the Oklahoma State Tax website was hacked and infective this week, warning users not to go there ‘because until they clean it, it is dangerous'.
When visited, the standard home page was present but an Adobe licence agreement appeared encouraging users to accept it. Thompson said that a look at the source reveals code ‘which is probably the culprit'.
He said: “It's a simple hack, and probably just happened on January 27th because lots of our users are reporting it today. I expect that the web guys at OK Tax will remove the hacked html pretty quickly, but the bigger issue will be figuring out how the bad guys got in.
“These things happen to lots of people, but it's a bit unfortunate to happen to any tax site at this time of year.”
In another incident, Gavin Neale, security researcher at M86 Security, detected that the American Bankers Association (ABA) has been used as a lure by the Pushdo/Cutwail/Zeus gang, as spam was sent this week informing the recipient of an ‘unauthorised transaction billed to your bank card'.
A link, along with financial details, is given which leads to the ABA website with the amount of the transaction and transaction ID. Neale said that clicking on the 'Generate Transaction Report' will prompt you to download the file transactionreport.exe, and this is the Zeus/Zbot Trojan horse.
He said: “As with previous campaigns by this group, an IFrame on this page delivers exploits from the FSPACK exploit kit. When we visited this page in our lab using the Firefox browser, we were prompted to download a PDF file.
“Had we opened this file with a vulnerable version of Adobe Reader, our test machine would have been infected with Zeus. FSPACK also exploits several vulnerabilities in Internet Explorer and Adobe Flash.”