Distracted recipients are most likely to fall victim

Dec 5, 2014 14:27 GMT

Currently circulating email messages claiming to distribute the government form 261 (Authorization to Use Privately Owned Vehicles on State Business) come with a malicious attachment.

This particular form is sent annually, and crooks try to profit from the most agitated time of the year to trick recipients into infecting their computers.

Form 261 exists and can be downloaded from a trusted address

The attachment is an archive containing an executable file (SCR) that could potentially drop more aggressive threats designed to exfiltrate sensitive information.

Scammers deliver the message with the subject “Annual Form - Authorization to Use Privately Owned Vehicle on State Business,” Hoax Slayer reports. Distracted recipients seem to be the target audience since they may not check the sender address or verify with the accounting department if such a form needs to be filed.

“All employees need to have on file this form STD 261 (attached). The original is retained by supervisor and copy goes to Accounting. Accounting need this form to approve mileage reimbursement,” the crooks wrote in the fake email.

Such a form really exists, and it can be downloaded from the Office of Fleet and Asset Management Forms. The recommendation is to get the document from a trusted repository and avoid using the one sent in an email attachment, especially if it is archived.

The same campaign ran last year, too

Scams of this type are not new and have been conducted since at least October 2013 with the exact same message. Webroot published a brief analysis of the attached malware in November last year, saying that the purpose of the threat was to enslave the computer into a botnet.

It is unclear if the version disseminated this year and the one distributed in the past are one and the same or if there is any connection between them. The sample analyzed by Webroot was a malware dropper from the Upatre family that crossed paths with the Asprox botnet in the past.

Recently, Asprox operators have deployed an aggressive campaign with the purpose of enlarging the network of compromised computers.

The holiday season is when cybercriminal activity increases more than in any other month of the year. People are more distracted these weeks and crooks know this very well.

Apart from email campaigns, security researchers have also noticed that phone scams are increasing in frequency, with fraudsters impersonating IRS agents and trying to get money from the victims by creating fake tax problems.
