February 28, 2008 - "Earlier today I got a new phishing scam in my inbox, this one for the IRS. I’d love a tax refund, but I don’t think this is how they normally notify you. The lure email is shown... and is quite standard in its formatting. It even threatens you with criminal prosecution if you lie... This is a new twist in phishing attacks that can bypass the normal URL filtering bar for malicious sites. It requires that the mechanism that determines if it’s a phishing site recognize that EXEs can also be used in phishing. It makes sense that this would evolve, I suspect we’ll see more of this soon. I ran the sample through VirusTotal for an overview of the AV detection and saw that it’s not as well detected as it could be... In the time between getting this sample, notifying people, and analyzing the sample, it was shut down. Good."
(Screenshots available at the URL above.)