After debating for several moments on exactly where to locate this thread, I ended up here so a mod wouldn't have to move it.
A little background: I have been an IT person since the early 1980s and have seen threats come and go. I have worked for major corporations and made
it through all the major viruses/trojans and other crap spread through infected email attachments.
After seeing a post last week on ATS about the IRS Notification email from IRS Support and the OP questioning the validity of the email, I thought you
all needed to be informed about the latest threat that turned up in my inbox today. This is what I received:
From: "Police agency"
To: my.email.com address
Subject: UNIFORM TRAFFIC TICKET #8572514 (or some other randomly generated number)
Body: New York State — Department of Motor Vehicles
UNIFORM TRAFFIC TICKET
POLICE AGENCY
NEW YORK STATE POLICE
Local Police Code
THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS
Time
7:25 AM
Date of Offense
07/02/2011
IN VIOLATION OF
NYS V AND T LAW
Description of Violation
SPEED OVER 55 ZONE
TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117
There is an attachment named: Ticket.zip
If you download and extract the TICKET.ZIP file and run the TICKET.EXE executable, you will have installed TrojanDownloader:Win32/Chepvil.K (as
identified by Microsoft.)
Other AntiVirus software may detect it as:
BKDR_HOSTIL.AJ (Trend Micro)
Trojan.Win32.Sasfis.bhrn (Kaspersky)
Troj/Agent-RGK (Sophos)
Trojan.FakeAV (Symantec)
This program, once installed on your computer, will call itself either 'XP Total Security' or 'XP Anti-Spyware 2011'. On execution it will pretend to
scan over your system and find ~25 or so items needing removal. It will then request you to purchase a subscription while having constant popups about
infections. It copies itself to the Application Data folder and the Temporary Internet Files folder, as well as installing itself into the registry.
People, please use common sense. The cops, the IRS, DHL, UPS or FedEx will not send you an email and have you extract a .zip file, .pdf, .doc or any other file unless you request something from them. Please delete and mark these emails as spam.
edit on 10-7-2011 by survivalstation because: Link to IRS thread
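A mail-filter check for the pattern described in the post above (a zip attachment whose only content is an executable), added here as an illustration and not part of the original post. The extension list, function names and the sample message with its example.invalid addresses are assumptions constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (a common blocklist, not exhaustive).
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def is_executable_name(name):
    # endswith() also catches double extensions such as "Ticket.pdf.exe".
    return any(name.lower().endswith(ext) for ext in EXEC_EXT)

def risky_attachments(raw_message):
    """Return (attachment, member, reason) tuples for attachments worth quarantining."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if is_executable_name(name):
            findings.append((name, name, "executable attachment"))
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if is_executable_name(info.filename):
                        findings.append((name, info.filename, "executable inside zip"))
                    elif info.flag_bits & 0x1:  # bit 0 set: member is encrypted
                        findings.append((name, info.filename, "encrypted member, cannot inspect"))
    return findings

def build_sample(member_name):
    """Constructed test message: a zip attachment holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = '"Police agency" <sender@example.invalid>'
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "UNIFORM TRAFFIC TICKET #8572514"
    msg.set_content("TO PLEAD, PRINT OUT THE ENCLOSED TICKET")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Ticket.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in risky_attachments(build_sample("Ticket.exe")):
        print(finding)
```

The check looks only at file names, so it complements antivirus scanning and does not replace it.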