Here’s the article from the SANS Newsbites column, Vol. 11, No. 77:

(I’ve pasted the whole thing here so that you can read it and also access the links at the end of the story)

–US-CERT Warns of Spam Pretending to be From IRS
(September 25 & 28, 2009)
The US Computer Emergency Readiness team (US-CERT) has issued an alert
warning of a spam attack in which the messages are spoofed to appear to
come from the US Internal Revenue Service (IRS) regarding underreported
income. The messages encourage the recipients to open an attachment or
click on a link to view their tax statement, but the attachment contains
malware and the link leads to a malicious website. The IRS warns people
not to open attachments in emails claiming to be from the agency. The
malware used in this attack is the Zeus Trojan horse program, which is
difficult to detect. Zeus is used to help cyber criminals steal money
from bank accounts.

http://www.computerworld.com/s/article/9138527/IRS_scam_now_world_s_biggest_e_mail_virus_problem?source=CTWNLE_nlt_dailyam_2009-09-28

http://voices.washingtonpost.com/securityfix/2009/09/irs_scam_e-mail_could_be_costl.html

http://www.us-cert.gov/current/#malicious_code_spreading_via_irs