
Friday, 1 August 2014

"Corporate eFax message from "unknown" - 3 page(s)" spam

This somewhat mangled spam has a malicious attachment:

Date: Fri, 1 Aug 2014 09:45:45 -0700 [12:45:45 EDT]
From: eFax Corporate [message@inbound.efax.com]
Subject: Corporate eFax message from "unknown" - 3 page(s)

You have received a 3 page fax             at 2014-08-01 10:55:05. * The
reference number for this fax is p2_did1-4724072401-8195088665-159.       Thank you for
using the eFax Corporate service!        2014 j2 Global, Inc. All rights reserved. eFax
Corporate is a registered trademark of j2 Global, Inc. This account is subject to the
terms listed in the         eFax Corporate Customer Agreement.  

Attached is an archive file, Fax_912_391233111_941.zip, which in turn contains a malicious executable, Fax_912_391233111_941.scr, which has a VirusTotal detection rate of 10/54.
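A mail filter can catch this pattern (a .zip attachment whose member is a directly executable file such as .scr) without relying on antivirus signatures. The following is an added example, not code from the original post; the function names and the extension list are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list: extensions Windows runs directly (.scr is a PE executable).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def risky_zip_members(zip_bytes):
    """Return names of archive members whose final extension is executable."""
    flagged = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for name in zf.namelist():
                # Windows ignores trailing dots/spaces, so normalise before checking.
                clean = name.rstrip(". ").lower()
                ext = "." + clean.rsplit(".", 1)[-1] if "." in clean else ""
                if ext in EXECUTABLE_EXTS:
                    flagged.append(name)
    except zipfile.BadZipFile:
        # An archive that cannot be parsed cannot be cleared either: flag it.
        flagged.append("<unreadable archive>")
    return flagged

def scan_message(raw_bytes):
    """Map each .zip attachment filename to its flagged member names."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if filename.lower().endswith(".zip"):
            hits = risky_zip_members(part.get_payload(decode=True))
            if hits:
                findings[filename] = hits
    return findings

def build_sample():
    """Constructed message reusing the file names quoted in this post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Fax_912_391233111_941.scr", b"placeholder, not an executable")
    msg = EmailMessage()
    msg["From"] = "eFax Corporate <message@inbound.efax.com>"
    msg["Subject"] = 'Corporate eFax message from "unknown" - 3 page(s)'
    msg.set_content("You have received a 3 page fax")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Fax_912_391233111_941.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns a dictionary keyed by attachment name, so a gateway can quarantine any message for which it is non-empty.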

The Comodo CAMAS report shows the malware reaching out to the following locations:

94.23.247.202/0108us1/SANDBOXA/0/51-SP2/0/
94.23.247.202/0108us1/SANDBOXA/1/0/0/
theyungdrungbon.com/wp-includes/images/0108us1.zip
101romanticcheapdates.com/wp-includes/images/0108us1.zip

Recommended blocklist:
94.23.247.202
theyungdrungbon.com
101romanticcheapdates.com

1 comment:

marc sobul said...


There are two simple ways to identify that this email is fake:

A real eFax notification is only sent to eFax subscribers. If you don't subscribe to eFax, it's fake.

A real eFax notification will include a fax attachment. Not a link.