Mal/Iframe-AE

Mal/Iframe-AE Description

Mal/Iframe-AE is a label that certain security programs and PC security researchers have applied to a fraudulent email message that has taken over a large percentage of spam email as tax season approaches in the United States. The timing of the Mal/Iframe-AE scam is relevant because the fake message claims to have been sent by the Internal Revenue Service (IRS) of the United States and states that the victim's tax appeal was rejected because of a lack of information. If you receive the Mal/Iframe-AE message, ESG security analysts strongly advise against opening it or any attached files, clicking on any embedded links, or believing any of the scam's claims. Instead, update your spam filter and anti-malware scanner so that the Mal/Iframe-AE scam does not bypass the security measures installed on your computer and similar online scams are intercepted.

An Overview of the Mal/Iframe-AE Scam and Its Fraudulent Email Message

The Mal/Iframe-AE scam's email claims that the victim's tax refund appeal was declined. It goes on to state that details of the rejection and instructions for resubmitting the appeal can be found in a file attached to the Mal/Iframe-AE email message. ESG security analysts have detected various subject lines that the Mal/Iframe-AE scam tends to use, including the following:

Rejection of your tax appeal.
Your tax return appeal is declined.
IRS notification of your tax appeal status.

However, opening the attached HTML file directs the victim to an attack website where criminals will attempt to install a backdoor Trojan on the victim's computer. This attached HTML file is detected as Mal/Iframe-AE by several anti-malware programs.
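
The two traits described above (one of the listed subject lines, plus an HTML file attachment) can be checked at the mail gateway before a message reaches the inbox. The following Python triage check is an added example, not code from ESG or from any anti-malware product; the function names, the verdict labels and the sample message (sender, body, file name) are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject lines listed on this page, stored lower-case without the final period.
KNOWN_SUBJECTS = {
    "rejection of your tax appeal",
    "your tax return appeal is declined",
    "irs notification of your tax appeal status",
}

def normalize(subject):
    """Drop Re:/Fwd: prefixes, collapse whitespace, strip the final period."""
    s = re.sub(r"^\s*((re|fwd?)\s*:\s*)+", "", subject, flags=re.I)
    return re.sub(r"\s+", " ", s).strip().rstrip(".").lower()

def html_attachments(msg):
    """Names of attachments that are HTML by MIME type or by file extension."""
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            found.append(name)
    return found

def triage(raw):
    """Return (verdict, html_attachment_names) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    subject_hit = normalize(str(msg["Subject"] or "")) in KNOWN_SUBJECTS
    attachments = html_attachments(msg)
    if subject_hit and attachments:
        return "quarantine", attachments   # both traits of the scam are present
    if subject_hit or attachments:
        return "review", attachments       # one trait only: hold for a closer look
    return "pass", attachments

def build_sample(subject, with_html):
    """Constructed test message; sender, body and file name are made up."""
    m = EmailMessage()
    m["From"] = "notice@example.invalid"
    m["Subject"] = subject
    m.set_content("Details are in the attached file.")
    if with_html:
        m.add_attachment(b"<html><body>constructed sample</body></html>",
                         maintype="text", subtype="html", filename="appeal_details.html")
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample("Your tax return appeal is declined.", True)))
```

A subject match alone is only a weak signal, which is why the check escalates to "quarantine" only when the HTML attachment is present as well.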

Beware of Fake Email Messages from the IRS

These kinds of scams are nothing new. Criminals take advantage of dates that are important for filing taxes by sending out scams like the Mal/Iframe-AE fraudulent email message around those dates. Tactics of this kind are usually referred to as social engineering: they attempt to fool victims with lies and deception rather than taking advantage of security flaws in a computer system. As Mal/Iframe-AE and similar scams demonstrate, it is usually more effective to take advantage of security flaws in human nature than of security flaws in software, which has more oversight and is more difficult to defeat.

Technical Information

File System Details

Mal/Iframe-AE creates the following file(s):
#  File Name                 Detection Count
1  %System%\ER32.DLL         N/A
2  %System%\abc.dll          N/A
3  %Temp%\p2883758997.cmd    N/A
4  %Temp%\p2883757805.cmd    N/A