Analysis by: Mary Isabel Segismundo

As tax season draws closer, cybercriminals are wasting no time in leveraging it. We recently spotted a DRIDEX-related spam run that pretends to come from the United Kingdom's tax collection agency, HM Revenue & Customs. The message informs users that they have pending refunds and instructs them to open the attached document. Doing so would lead to the installation of a DRIDEX variant detected as W2KM_DRIDEX.YYSRD. DRIDEX is one of the prevalent online banking malware families to date.

Users are advised to double-check the legitimacy of email messages, even when they come from seemingly legitimate sources. Trend Micro protects users from this threat by detecting the spam mails and DRIDEX variants.

 SPAM BLOCKING DATE / TIME: February 16, 2016 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:2136