Sponsored by..

Tuesday 3 December 2013

Another day, another fake eFax spam

These fake eFax spams are getting a bit dull. As you might expect, this one comes with a malicious attachment.

Date:      Tue, 3 Dec 2013 15:15:03 -0800 [18:15:03 EST]
From:      eFax Corporate [message@inbound.efax.com]
Subject:      Fax transmission: -5219616961-5460126761-20130705352854-84905.zip

Please find attached to this email a facsimile transmission we have just received on your behalf

(Do not reply to this email as any reply will not be read by a real person) 
Attached is a ZIP file which in this case is called -2322693863-6422657608-20130705409306-09249.zip (with a VirusTotal detection rate of 6/48) which in turn contains a malicious executable fax-report.exe which has an icon that makes it look like a PDF file and has a VirusTotal detection rate of 4/48.

Automated analysis tools [1] [2] [3] show an attempted communication with tuhostingprofesional.net on 188.121.51.69 (GoDaddy, Netherlands) which contains about 8 legitimate domains which may or may not have been compromised.

No comments: