National Payroll Reporting Consortium trojan

[fear_nothing]

We've got a few of these gems in via email over the past few days, as noted below and described in the Websense link.

What I cannot find is the network behavior associated with the Trojan.

I'm getting alot of Google hits on " National Payroll Reporting Consortium"
but thats about it. What is this guy doing once installed, what ports, general behavior etc?

http://www.websense.com/securitylabs/alerts/alert.php?AlertID=835

From: National Payroll Reporting Consortium [[email protected]]
Sent: Tuesday, January 08, 2008 4:38 PM
To: Targeted User
Subject: Payroll Fraud Case #863538 Tax Evasion

<http://nprc-inc.org/images/b_about.gif>

It was brought to our attention that your company made numerous misrepresentations regarding worker classification and payroll to fraudulently lower the company's workers' compensation insurance costs and thereby gain an illegal competitive advantage.


In order to resolve this issue please fill out the form attached to this email and fax it back to our Fraud Department. Employment tax fraud is a growing concern and represents a large portion of the nation's tax gap.

Suspected tax fraud can be reported to the IRS using IRS Form 3949-A, Information Referral. Form 3949-A is available for download from the IRS Web site at IRS.gov Evading employment taxes can have serious consequences for employers and the employees.

 

[Nate7311]

My User's have gotten the same.

As well as:

A complaint has been filled against the company you are affiliated to ( XXXXXXXXX ) in regards to the domain of business activity.
The complaint was filled by Mr. Lincoln Jameson on 01/09/2008 and has been forwarded to us and the 
IRS . 
Complaint Case Number: #1843C3 Date: 01/09/2008 
A copy of the original complaint and the contact information of Mr. Lincoln Jameson has been attached to this e-mail.Please print and keep this copy for your personal records. 
Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them: 
Claims based on product liability; 
Claims for personal injuries; 
Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties. 
 
The decision as to whether your dispute or any part of it can be arbitrated rests solely with the US Department of Justice.
The Department of Justice offers a binding arbitration service for 
disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options. 

 
 
© 2008 US Department of Justice All Rights Reserved.