Intuit spam loads malware

As we are getting into tax season, online criminals are pumping in loads of Intuit spam. Intuit is famous for its TurboTax software.

The phishing email lures you into downloading an invoice:

The link opens an obfuscated page that references an iframe:

One of those is perikanzas.com/main.php?

It loads an Adobe Reader/Acrobat exploit (CVE-2010-0188) and the Microsoft Help Center vulnerability (CVE-2010-1885).

Full Wepawet report here.

As always, several thousand innocent websites have been infected to link to this exploit. (google “intu.html” in the URL)

Jerome Segura

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>