It seems the bad guys are targeting Australian Internet users this week. I got a few of these this morning, as did a couple of Risky.Biz listeners:
From: rules@abr.gov.au
Date: 14 September 2011 10:05:53 AM AEST
To:
Subject: Attention for the ABN owners
x-original-to: REDACTED
x-mailer: azzgnshjz.46
Australian Taxation Office together with Australian Business Register
wants to inform you that starting from January, 1 2012 new rules of use of ABN number are being introduced.
The changes will concern:
- GST credits;
- Australian domain names registration
More detailed information about the coming changes in the rules you can find HERE.
Australian Business Register
www.abr.gov.au
All links in the e-mail go to the domain australianbusiness-store.com.
That site drops an executable named updateTax15sept.pdf.exe.
Geez. I wonder if I should run it?
I also received a couple of other, similar messages purporting to come from the ATO. Again, all links pointed to the domain australianbusiness-store.com.
TL;DR: Drop domain australianbusiness-store.com at your gateway.
UPDATE: Our buddy Neal Wise at Assurance.com.au says the same spam run makes use of the domain australian-businesssite.com, too... Some on Twitter have reported hundreds of these spams coming through their gateway just this morning. Seems very tightly focussed on an Australian audience.
