Spam and phishing run targets Australians

Someone has their sights set on Australian users...

It seems the bad guys are targeting Australian Internet users this week. I got a few of these this morning, as did a couple of Risky.Biz listeners:

Date: 14 September 2011 10:05:53 AM AEST
Subject: Attention for the ABN owners
x-original-to: REDACTED
x-mailer: azzgnshjz.46

Australian Taxation Office together with Australian Business Register
wants to inform you that starting from January, 1 2012 new rules of use of ABN number are being introduced.

The changes will concern:
- GST credits;
- Australian domain names registration

More detailed information about the coming changes in the rules you can find HERE.

Australian Business Register

All links in the e-mail go to the domain

That site drops an executable named updateTax15sept.pdf.exe.

Geez. I wonder if I should run it?

I also received a couple of other, similar messages purporting to come from the ATO. Again, all links pointed to the domain

TL;DR: Drop domain at your gateway.

UPDATE: Our buddy Neal Wise at says the same spam run makes use of the domain, too... Some on Twitter have reported hundreds of these spams coming through their gateway just this morning. Seems very tightly focussed on an Australian audience.

Patrick Gray on Twitter.