Malware spammed out widely posing as income tax email

Graham Cluley
Graham Cluley
@[email protected]

Malware spammed out widely posing as income tax emailA malware campaign has been spammed out widely, seemingly taking advantage of an important date in the US tax system’s calendar.

January 31st is the deadline for US employers to deliver the W-2 form to all of their workers, used to help calculate the total wages earned by an individual during the course of the year.

So, how might you respond if you received an email like this today?

Tax email carrying malware

Sign up to our free newsletter.
Security news, advice, and tips.

Subject: FW: 2010 and 2011 Tax Documents; Accountant's Letter

Message body:
I forward this file to you for review. Please open and view it.
Attached are Individual Income Tax Returns and W-2s for 2010 and 2011, plus an accountant's letter.

This email message may include single or multiple file attachments of varying types.
It has been MIME encoded for Internet e-mail transmission.

Attached to it is a ZIP file, whose filename will vary depending on the recipient. For instance, if the email is sent to [email protected], the zip file will be called

Inside the ZIP file, is an executable file: “Individual Income Tax Returns.exe”

Sophos products detect this file as the Troj/Agent-ZWM backdoor Trojan horse, designed to infected your Windows computer and allow remote hackers to commandeer it for their own purposes.

If you thought fines for submitting a late tax return were bad enough, imagine how much worse things could be if a malicious hacker is trawling through your private documents, stealing your passwords, and accessing your online accounts without your knowledge.

Always be suspicious of unsolicited email attachments, and think before you click.

Tax return stamp image from Shutterstock.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.