TurboTax: State Return Rejected - virus scam


A fake Intuit TurboTax email claims that a state return has been rejected and that more information is attached.

The attached zip file contains a trojan horse or exe virus.

The messages mix spoofed securebank.com and intuit.com addresses, among others.

You can forward these to [email address hidden by the site's spam protection] if you'd like to help them investigate!


Subject: TurboTax: State Return Rejected

[Intuit Logo]
[Turbotax Logo]

Your Tax Return Status: State Return Rejected
Your State Return Has Been Rejected! What this means:
Your 2012 Personal return "TAX_735560450" has been rejected.
All information has been reviewed and validated by Intuit,
please find more information attached. You will be prompted
to open (view) the file or save (download) it to your computer.

Need copies of your tax returns for your records?

You can sign in to TurboTax any time and print or save copies
for your records by clicking on the Print Center tab in the
upper right corner of your screen.

Note: If you e-filed a federal return, you will receive a
separate status email about that return.

We recommend keeping copies of all status emails for your records.
Thanks for using TurboTax!

Note: This email was automatically generated. Please do not respond
to this email address; it comes from our automated alert system,
which is not monitored for responses.
Turbotax Blue Footer omniture

TAX_735560450.zip (153)

Picture of fake TurboTax email claiming state return rejected, has virus.


Header samples: securebank.com in the HELO and envelope sender, but intuit.com in the From header.

Received: from securebank.com ([46.99.137.19]
X-Envelope-From: message @securebank.com
From: "IntuitElectronicFilingCenter @intuit.com" <IntuitElectronicFilingCenter @intuit.com>

Received: from securebank.com ([49.0.201.16]
X-Envelope-From: message @securebank.com
From: "IntuitElectronicFilingCenter @intuit.com" <IntuitElectronicFilingCenter @intuit.com>

Received: from mail.cedind.com [204.57.111.68]
X-Envelope-From: message @securebank.com
From: "IntuitElectronicFilingCenter @intuit.com" <IntuitElectronicFilingCenter @intuit.com>

Received: from securebank.com ([46.225.62.149]
X-Envelope-From: message @securebank.com
From: "IntuitElectronicFilingCenter @intuit.com" <IntuitElectronicFilingCenter @intuit.com>

Received: from 67.20.150.223.pool.hargray.net [67.20.150.223]
X-Envelope-From: message @securebank.com
From: "IntuitElectronicFilingCenter @intuit.com" <IntuitElectronicFilingCenter @intuit.com>

Received: from securebank.com ([49.0.201.16]
X-Envelope-From: message @securebank.com
From: "IntuitElectronicFilingCenter @intuit.com" <IntuitElectronicFilingCenter @intuit.com>
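
A defender-side check for the mismatch visible in these samples, added here as an example and not part of the original post: it compares the domain in the From header with the envelope sender and the HELO name. The function names and the CONSISTENT sample are constructed for illustration, and the same-or-subdomain comparison is a simplification of DMARC-style alignment.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(address):
    """Lower-cased domain of an address; '' when there is none."""
    # The page's samples put a space before '@'; undo that before parsing.
    addr = parseaddr(re.sub(r"\s+@", "@", address or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Same domain or parent/subdomain (a simplification of DMARC alignment)."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_headers(raw):
    """Return findings where the visible From disagrees with the SMTP identity."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    # Assumption: the receiving server records the envelope sender in
    # X-Envelope-From, as in the page's samples (elsewhere: Return-Path).
    env_dom = domain_of(msg.get("X-Envelope-From"))
    m = re.search(r"from\s+(\S+)", msg.get("Received") or "")
    helo = m.group(1).lower() if m else ""
    findings = []
    if not aligned(from_dom, env_dom):
        findings.append(f"From {from_dom!r} vs envelope sender {env_dom!r}")
    if not aligned(from_dom, helo):
        findings.append(f"From {from_dom!r} vs HELO {helo!r}")
    return findings

# First header sample from the page, unchanged.
SPOOFED = (
    "Received: from securebank.com ([46.99.137.19]\n"
    "X-Envelope-From: message @securebank.com\n"
    'From: "IntuitElectronicFilingCenter @intuit.com" '
    "<IntuitElectronicFilingCenter @intuit.com>\n\n"
)
# Constructed sample of a consistent message (example.com is a placeholder).
CONSISTENT = (
    "Received: from mail.example.com ([192.0.2.10])\n"
    "X-Envelope-From: bounce@example.com\n"
    'From: "Example News" <news@example.com>\n\n'
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("consistent", CONSISTENT)):
        print(name, check_headers(raw) or "no mismatch")
```

A mismatch alone is not proof of spoofing, since legitimate bulk senders often use a different envelope domain; treat it as one signal alongside the executable-in-zip attachment.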

Attachment example:

TAX_735560450.zip containing TAX_3919473.exe

https://www.virustotal.com/en/file/e2924242554b45dcbdc595671dc114adb94d9d5d4a5dee8196b0b64386d444e2/analysis/

ClamAV          Win.Trojan.Tepfer-160
Symantec        Trojan.Zbot
Malwarebytes    Trojan.LameShield
Sophos          Troj/DwnLdr-KOZ
Microsoft       PWS:Win32/Fareit.gen!C
Kaspersky       Packed.Win32.Katusha.y
AVG             Generic_s.AOA
McAfee          BackDoor-FJW
