Date: Fri, 1 Aug 2014 09:45:45 -0700 [12:45:45 EDT]
From: eFax Corporate [message@inbound.efax.com]
Subject: Corporate eFax message from "unknown" - 3 page(s)
You have received a 3 page fax at 2014-08-01 10:55:05. * The
reference number for this fax is p2_did1-4724072401-8195088665-159. Thank you for
using the eFax Corporate service! 2014 j2 Global, Inc. All rights reserved. eFax
Corporate is a registered trademark of j2 Global, Inc. This account is subject to the
terms listed in the eFax Corporate Customer Agreement.
Attached is an archive file, Fax_912_391233111_941.zip, which in turn contains a malicious executable, Fax_912_391233111_941.scr, which has a VirusTotal detection rate of 10/54.
The Comodo CAMAS report shows the malware reaching out to the following locations:
94.23.247.202/0108us1/SANDBOXA/0/51-SP2/0/
94.23.247.202/0108us1/SANDBOXA/1/0/0/
theyungdrungbon.com/wp-includes/images/0108us1.zip
101romanticcheapdates.com/wp-includes/images/0108us1.zip
Recommended blocklist:
94.23.247.202
theyungdrungbon.com
101romanticcheapdates.com
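The attachment described above is a ZIP whose only purpose is to carry a .scr executable past extension filters. As an added example (not part of the original post), this sketch shows how a mail filter could look inside a ZIP attachment and flag executable members by extension and by PE magic bytes. The function names `inspect_zip` and `make_zip` and the extension list are assumptions, and the sample archive is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click; .scr (screensaver) is an ordinary PE executable.
# This list is an assumption for the example, not taken from the post.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".cpl", ".js", ".vbs"}

def inspect_zip(zip_bytes):
    """Return [(member name, [reasons])] for archive entries worth flagging."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            ext = PurePosixPath(info.filename.replace("\\", "/")).suffix.lower()
            if ext in EXECUTABLE_EXTS:
                reasons.append(f"executable extension {ext}")
            if info.flag_bits & 0x1:
                # Encrypted entry: content cannot be inspected, so report that instead.
                reasons.append("encrypted member, content not inspected")
            else:
                with archive.open(info) as member:
                    if member.read(2) == b"MZ":  # DOS/PE magic bytes
                        reasons.append("MZ (PE) header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed stand-in: same member name as in the post, harmless placeholder bytes.
    sample = make_zip({"Fax_912_391233111_941.scr": b"MZ" + b"\x00" * 62})
    for name, reasons in inspect_zip(sample):
        print(f"QUARANTINE {name}: {', '.join(reasons)}")
```

Checking the magic bytes as well as the extension means a PE file renamed to look like a document is still reported.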
1 comment:
There are two simple ways to identify that this email is fake:
A real eFax notification is only sent to eFax subscribers. If you don't subscribe to eFax, it's fake.
A real eFax notification will include a fax attachment. Not a link.