You might not be preparing your taxes yet, but hackers are thinking ahead with new tax-time scams. The Oklahoma Tax Commission was victimized by an attack that defaced the organization’s Web site and downloaded malware onto visitors’ computers, security researchers say.
Visitors to the Oklahoma Tax Commission Web site were told they needed to accept an Adobe license agreement and then download software. While the prompt appears "normal," researchers said that the application contained malicious code designed to infect users if they click "Accept." Once infected, hackers were able to take control of a user’s PC, and gain access to victim’s personal information stored on their system.
Researchers at AVG Technologies, who discovered the attack Thursday, said that the hackers were capitalizing on the uptick of visitors to tax sites at the beginning of tax season.
"With tax time upon us, this is a timely hack of a site that’s getting above normal traffic," said Roger Thompson, AVG chief technology researcher, in an AVG blog post, adding "These things happen to lots of people, but it’s a bit unfortunate to happen to any tax site at this time of year."
Thompson said that the site’s IT personnel will remove the malicious code and restore the hacked Oklahoma tax site quickly. But how the hackers were able infiltrate the site still remains to be determined, he said, noting that the Oklahoma Tax site hackers seemed to be able to manipulate the site with relative ease.
Details with screenshots in http://thompson.blog.avg.com/2010/01/ok-so-that-sucks-a-bit-especially-given-the-time-of-year.html