
Cloudmark Blog

Intelligence Briefings from the War on Spam

Archive for February 2010

New Zeusbot bait – IRS phishing


Thursday, February 11, 2010 by David Romerstein

The controllers of the Zeus botnet have been rotating through several old baits, looking for things that will get unsuspecting users to download attachments and infect themselves. In recent days, they’ve been trawling fraudulent VISA transactions and “some jerk has posted your picture” in front of us. Today, we’re seeing something new.

Emails with the subject “You are in a higher tax bracket”, from “Tax Commisar”, have been making the rounds for the last 20 hours or so. After reminding you that the US uses a progressive income tax, you’re told that you’re making more money than last year, and that you should review your annual tax report. The included link takes you to a double threat – the page itself tells you that you need a new Flash player, and it will attempt to automatically download (and run) a PDF file. The “Flash updater” is an installer for the Zeus bot, and the PDF file takes advantage of some known vulnerabilities in unpatched Adobe Acrobat versions to take control of your machine if the Flash updater doesn’t get it first.

Make sure you’ve grabbed the last Acrobat updates from Adobe, along with all of the other security patches that you should be keeping on top of. Malefactors have been using Acrobat as an abuse vector for a while, and it’s just getting worse.
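For mail administrators who want to triage this particular bait, here is an added example (not part of the original post or any Cloudmark product) that checks message headers for the subject and sender name quoted above, including RFC 2047-encoded and folded headers. The function names and the sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
import re

# Indicators quoted in the post: the lure's subject and sender display name.
LURE_SUBJECT = "you are in a higher tax bracket"
LURE_SENDER = "tax commisar"

# Constructed sample messages (not real captures); addresses use .invalid.
SAMPLES = {
    "plain": 'From: "Tax Commisar" <sender@example.invalid>\n'
             'Subject: You are in a higher tax bracket\n\nbody\n',
    "encoded": 'From: =?utf-8?q?Tax_Commisar?= <sender@example.invalid>\n'
               'Subject: =?utf-8?q?You_are_in_a_higher_tax_bracket?=\n\nbody\n',
    "benign": 'From: Payroll <payroll@example.invalid>\n'
              'Subject: Your 2009 tax bracket summary\n\nbody\n',
}

def _norm(value):
    """Lowercase and collapse whitespace so folded headers still match."""
    return re.sub(r"\s+", " ", value or "").strip().lower()

def matches_irs_lure(raw_message):
    """Return which of the post's indicators appear in the message headers."""
    # policy.default decodes RFC 2047 encoded-words and unfolds headers.
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    if LURE_SUBJECT in _norm(str(msg.get("Subject", ""))):
        hits.append("subject")
    display_name, _addr = parseaddr(str(msg.get("From", "")))
    if _norm(display_name) == LURE_SENDER:
        hits.append("sender")
    return hits

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, matches_irs_lure(raw))
```

Because the botnet's controllers rotate baits, a header match like this is only a short-lived triage aid alongside patching and attachment or URL scanning.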

The US government’s giving out money…


Thursday, February 11, 2010 by David Romerstein

… or, at least, that’s what the scammers want you to believe.

A lot of email and SMS messages have been flying around over the last few days containing text like this (payload website name removed):

Hey, Obama's giving Gov Grants to help families in your area to stimulate the economy. Check it out, SCAMWEBSITE.com, don't miss out. It won't last long!

The payload websites try to look legitimate, with “As seen on CNBC, MSNBC, and CNN” logos everywhere, fake comments (with additional commenting “disabled due to spam”), and testimonials from people who claim this actually worked for them. These sites direct you to another site, liberally sprinkled with American flags and logos of the major news networks, which asks you for your contact information and a credit card, from which they will charge you a $1.95 shipping fee to send you an information packet. Hidden in the terms and conditions, however, you’ll find that this $1.95 only covers your “one-day trial period”, and that they’re going to bill you approximately $60/month until you cancel. You can read more about this, including a large number of archived complaints about this scam, at complaintboard.com.

Remember – if it seems too good to be true, it probably is. Careful reading of terms and conditions, along with research and a healthy dose of skepticism, can help keep you from being a victim.

