These fake eFax spams are getting a bit dull. As you might expect, this one comes with a malicious attachment.
Date: Tue, 3 Dec 2013 15:15:03 -0800 [18:15:03 EST]
From: eFax Corporate [message@inbound.efax.com]
Subject: Fax transmission: -5219616961-5460126761-20130705352854-84905.zip
Please find attached to this email a facsimile transmission we have just received on your behalf
(Do not reply to this email as any reply will not be read by a real person)
Attached is a ZIP file which in this case is called
-2322693863-6422657608-20130705409306-09249.zip (with a VirusTotal detection rate of
6/48) which in turn contains a malicious executable
fax-report.exe which has an icon that makes it look like a PDF file and has a VirusTotal detection rate of
4/48.
Automated analysis tools
[1] [2] [3] show an attempted communication with
tuhostingprofesional.net on
188.121.51.69 (GoDaddy, Netherlands) which contains about 8 legitimate domains which may or may not have been compromised.
No comments:
Post a Comment