Mx lab, a company that provides email security services, has only lately verified the presence of a new trojan distribution campaign by email with the subject line “intuit security alert,” amongst a large number of other similar campaigns. Surprisingly, the campaign was concealed behind a message that was sent out by the world’s most popular bookkeeping software, which is called Quickbooks Accounting Software intuit. The security company discovered that the following faked email accounts had been used to send emails: “quickbooks online security@intuit.com,” “quickbooks security@quickbooks.intuit.com,” and “intuit security center qbsecuritycenter@intuit.com.” The following is a response from the specialist based on the information in the email: “as of November 5th, 2015, we will provide updates for all of the browsers that we support.” As a result, we strongly recommend that you update to the most current version so that you may have the best possible experience while using the website. To bring your computer into compliance with intuit’s standards for online safety, please go to the following website, download, and then ultimately install the latest security update for all of the supported browsers. The security company strongly advises you to refrain from following the above content, which is followed by a url. In the event that you go to the URL, there is a possibility that it may launch a new browser window and update the page of the existing browser. It has also been observed that out of 55 different av engines, 2 of them interpreted trojan at virus total as either heur?qvm03.0.malware.gen or trojan.a19773f50. On November 18, 2015, we issued a warning on security.intuit.com to advise our customers about the potential danger posed by a specific phishing campaign that we had identified as being capable of delivering a malicious payload. This campaign had been identified by us as having been conducted. In addition to this, we have requested that the primary email service providers ban and then delete this email from their respective systems. additionally, because of our activities, the suspicious url (intuit.updates.securityserver-2.com) was erased from the internet, which resulted in the banning of the danger to intuit customers, according to steve sharpe, a spokesperson for intuit, as stated in news published by scmagazine.com. It is not the first time that fraudsters have attempted to compromise items manufactured by Intuit. Because hackers used the same system to file fake returns and steal tax returns, Intuit was forced to temporarily shut down its TurboTax state e-filing system in February of this year after the events occurred. Intuit had to take this action because the hackers utilized the same technology. Therefore, customers need to be wary of emails that seem to come from nowhere and make weird demands, such as suspicious emails purporting to give freebies.
Author
jackemails@gmail.com