
IRS Phishing Mail latest scam

29 September 2009




Spam mail advertises refund due; packs Trojan

The latest virus email circulating appears to come from the U.S. Department of the Internal Revenue Service.   The messages typically have a subject line that reads, "Notice of Underreported Income," and they encourage readers to either install an attachment (which contains a Trojan virus) or to click on a Web link in order to view their "tax statement." Instead, the link takes the invitee to a malicious Web site.  The Internal Revenue Service has advised anyone receiving this email NOT to open it or click on it.  Their official word on this is, “The IRS does not initiate taxpayer communications through e-mail.”

This latest viral spam campaign is not slowing down, according to Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham. Warner said that this particular spam campaign is responsible for nearly 10 percent of the spam e-mail that his group is currently tracking. "This is the most prominent spam-delivered virus in the world right now," he said.

The spam campaign has risen in prominence and frequency since September 9th.  Antispam vendor Cloudmark says it has counted 11 million messages sent to the company's nearly 2 million desktop customers, according to its abuse operations manager, Jamie Tomasello. That number is "very high," she noted.

The malware that accompanies the fake IRS messages is a variant of the Zeus Trojan, a stealthy and often difficult to detect Trojan virus. It operates with software that hacks into bank accounts and steals the money from the account as part of a widespread financial fraud scheme. It is estimated by some researchers that criminals using Zeus have been stealing over one million dollars per day out of victims' bank accounts with the software. The Zeus Trojan has preyed on small businesses, and some have been hard hit financially, as banks have held or attempted to hold these businesses accountable for the losses of their employees, customers and business accounts.

Gary Warner says that Zeus is a particularly nasty virus to detect. He tested a recent variant of Zeus on the VirusTotal Web site, and he claims that only 5 of the 41 antivirus detection systems used by VirusTotal caught it. This is in part because the Zeus binaries are modified frequently. "It's difficult to stay ahead of it via antivirus because the Zeus binaries are changing a few times a day to evade detection," said Paul Ferguson, a researcher with TrendMicro. "It's definitely a problem."

Last modified on 29 September 2009