with an attached ZIP file.
Headers:
Date: Tue, 13 Jan 2015 13:27:05 -0500
From: "TAX@irs.gov" {tax@irs.gov}
Subject: Your FED TAX payment (ID:MKPIRS625698164) was Rejected
Message body:
*** PLEASE DO NOT RESPOND TO THIS EMAIL ***
Your federal Tax payment (ID: MKPIRS625698164), recently sent from your checking account was returned by the your financial institution.
For more information, please download attached notification. (Security Adobe PDF file)
Transaction Number: MKPIRS625698164}
Payment Amount: $ 5170.18
Transaction status: Rejected
ACH Trace Number: 5555555555
Transaction Type: ACH Debit Payment-DDA
Internal Revenue Service
Metro Plex 1, 8401 Corporate Drive, Suite 300, Landover, MD 20785.
Attached to the email is a ZIP file:
FEDERAL_tax_notify.pdf.zip
On a Windows machine, the ZIP contains a Windows executable (note the dual extension):
FEDERAL_tax_notify.pdf.scr
MD5 Hashes:
45f3c660daf2e9013c34a5708242af92
Malware Information:
VirusTotal Report [1]
(hits 13/57 Virus Scanners)
Malwr Report [1]
Summary:
Steals private information from local Internet browsers
Creates an Alternate Data Stream (ADS)
Installs itself for autorun at Windows startup
Cheers,
Steve
Sanesecurity.com
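
A mail-gateway style check for the dual-extension trick described above, as an added example that is not part of the original post: it lists the members of a ZIP attachment and flags any whose name ends in a document extension followed by an executable one. The extension lists, size cap, function names and the sample archive (harmless text payload under the same member name) are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

# Assumed lists: extensions Windows runs directly, and document types used as decoys.
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap so oversized members are not unpacked


def scan_zip_attachment(data: bytes) -> list:
    """Return one finding per archive member named <decoy>.<executable>."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Judge the base name only; Windows ignores trailing dots and spaces.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
            parts = base.lower().split(".")
            if len(parts) < 3:
                continue
            decoy, real = parts[-2].strip(), parts[-1]  # strip() catches "pdf    .scr"
            if real not in EXECUTABLE_EXTS or decoy not in DECOY_EXTS:
                continue
            # Hash the member so it can be compared with published hashes.
            small = info.file_size <= MAX_MEMBER_BYTES
            digest = hashlib.md5(zf.read(info)).hexdigest() if small else None
            findings.append({
                "member": info.filename,
                "shown_as": decoy,
                "runs_as": real,
                "md5": digest,
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample: member name from the post, harmless text payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FEDERAL_tax_notify.pdf.scr", b"placeholder, not an executable")
        zf.writestr("readme.txt", b"benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_attachment(build_sample()):
        print(finding)
```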