Monday, June 16, 2008

Dutch users Alert! - Beware of fake Tax Forms

This warning is especially for Dutch users (from the Netherlands). Malware is spreading that changes your start page to a random Dutch site (a .nl domain, which is a compromised/hacked site) and presents you with this:

Full screenshot of the form:

NOTE: This is NOT from the legitimate site, as they DON'T ask you for this info (PINCode etc.).
Even though it says it's from, it's NOT. Only the template from was used here, not the form itself.
Also note the "Microsoft Certified" and "Comodo Hacker Proof" logos, which are there to make it look like a legitimate site.

This piece of malware is especially designed to target Dutch users in order to steal their banking info.

I found this out yesterday while I was helping a user with an infected PC. The PC was severely infected/badly compromised...
There was also a .bat file present, with the command to change the Internet Explorer startpage to a random .nl site with this fake tax form.
I'm still waiting for the samples and more info on how this user got infected in the first place.
I guess this infection is spread via MSN, however, I cannot tell for sure yet. The samples and extra info should tell...
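
A triage check for the kind of .bat file described above, added here as an example and not taken from the post or from the infected PC. It assumes the script used `reg add` on the Internet Explorer "Start Page" value, which the post does not state; the function names, the allowlist and the sample script are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the post does not show the .bat contents. This covers one common
# way a script sets the IE home page: `reg add` on the "Start Page" value
# under ...\Internet Explorer\Main.
REG_ADD_RE = re.compile(r"\breg(\.exe)?\s+add\b", re.I)
KEY_RE = re.compile(r"\\Internet Explorer\\Main", re.I)
VALUE_RE = re.compile(r'/v\s+"?Start Page"?', re.I)
DATA_RE = re.compile(r'/d\s+(?:"([^"]*)"|(\S+))', re.I)


def find_startpage_changes(script_text):
    """Return (line_no, url, host) for each reg add line that sets the IE start page."""
    findings = []
    for line_no, raw in enumerate(script_text.splitlines(), start=1):
        line = raw.replace("^", "").strip()  # drop batch escape carets
        if line.lower().startswith(("rem ", "::")):
            continue  # commented-out line, never executed
        if not REG_ADD_RE.search(line):
            continue
        if not (KEY_RE.search(line) and VALUE_RE.search(line)):
            continue
        m = DATA_RE.search(line)
        if not m:
            continue
        url = m.group(1) if m.group(1) is not None else m.group(2)
        host = (urlsplit(url).hostname or "").lower()
        findings.append((line_no, url, host))
    return findings


def unexpected(findings, allowed_hosts):
    """Keep only findings whose host is not an expected home page host."""
    allowed = {h.lower() for h in allowed_hosts}
    return [f for f in findings if f[2] not in allowed]


# Constructed sample; hosts use the reserved .example TLD instead of a real .nl site.
SAMPLE_BAT = r'''@echo off
rem reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://old.example/" /f
REG ADD "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /t REG_SZ /d "http://hacked-shop.example/form/" /f
reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Search Page" /d "http://search.example/" /f
'''

if __name__ == "__main__":
    hits = unexpected(find_startpage_changes(SAMPLE_BAT), {"intranet.example"})
    for line_no, url, host in hits:
        print(f"line {line_no}: start page set to {url} (host: {host or 'none'})")
```

The same allowlist comparison can be applied to the start page value read from a live profile, so a hijack is caught even when the script that made the change has already been deleted.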

So beware when you see similar forms... especially when they ask to enter your PINCode.

Update... More info about the malware itself here:
