Another tired old spam template leading to malware..From: eFax Corporate [message@inbound.efax.com]
Date: 25 July 2014 14:25
Subject: eFax message - 4 pages
Fax Message [Caller-ID: 948-468-7596]
You have received a 4 pages fax at 2014-07-25 13:24:21 GMT.
* The reference number for this fax is latf1_did11-1187609582-1911573644-58.
View this fax using your PDF reader.
Click here to view this message
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
Home | Contact | Login |
Powered by j2
2014 j2 Global Communications, Inc. All rights reserved.
eFax is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the eFax Customer Agreement.
In this case the link in the email goes to verzaoficial.com/css/fax_390392029_072514.exe which downloads a file with a VirusTotal detection rate of just 1/45. Automated analysis [pdf] is fairly inconclusive as to what it does.
4 comments:
so what can we do to filter/block them without blocking our actual efax emails?
You should be able to block .scr files and block it. It shows the icon of a PDF file but it's actually a .scr file (an executable screensaver)
Also,
If the domain is the same as the one we got, if you have a web filter you could block http://sendgrid.org (the legit site is sendgrid.com)
A real fax notification from eFax would include a Fax attachment as a PDF, TIFF or EFX. The email wouldn't contain a (fake) link to read the fax.
Post a Comment