Monday, 12 January 2015

eFax message from "unknown" malware

eFax message from "unknown" malware is now arriving with a dangerous zip attachment... (You have received a 1 page fax):

Headers:
Date: Mon, 12 Jan 2015 23:05:03 +0800
From: "eFax"
Subject: eFax message from "unknown" - 1 page(s), Caller-ID: 1-653-767-7935
Message body:
Fax Message [Caller-ID: 1-653-767-7935]
You have received a 1 page fax at Mon, 12 Jan 2015 23:05:03 +0800.
* The reference number for this fax is atl_did1-1400166434-08802401438-231.

View this fax using your PDF reader.

Please visit www.efax.com/en/online_fax_FAQ if you have any questions regarding this message or your service.

Thank you for using the eFax service!

The link in the email takes you to a website, which:

a) Kindly tells you...
JUST UNZIP AND OPEN IN YOUR PDF READER


Nice and helpful....

b) Auto-downloads a zip file... On the Windows machine, inside the zip, is a Windows executable:
pdf_efax_12986502-01-12.pif
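
A way to catch this kind of archive at a mail gateway or on a download share, as an added example that is not part of the original post: it lists zip members that are Windows executables by extension or by MZ header, and notes when the name is dressed up as a document. The extension list, the name hints and the sample archive (placeholder bytes only) are assumptions constructed for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly on double-click (a subset; extend as needed).
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".js", ".vbs"}
# Words a lure puts in a file name so it reads like a document (assumed list).
DOC_HINTS = ("pdf", "doc", "fax", "invoice")


def suspicious_members(zip_bytes):
    """Return [(member_name, [reasons])] for archive members that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename).name
            # Windows drops trailing dots and spaces before resolving the extension.
            ext = PurePosixPath(name.rstrip(". ")).suffix.lower()
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
            # Encrypted members cannot be read without the password; judge by name only.
            if not info.flag_bits & 0x1:
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":  # DOS/PE executable header
                        reasons.append("MZ header")
            if reasons and any(hint in name.lower() for hint in DOC_HINTS):
                reasons.append("document-like name")
            if reasons:
                findings.append((name, reasons))
    return findings


def build_sample_zip():
    """Constructed sample archive: placeholder bytes only, not the real file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("pdf_efax_12986502-01-12.pif", b"MZ" + b"\x00" * 62)
        zf.writestr("notes.txt", b"plain text")
        zf.writestr("fax.pdf", b"%PDF-1.4 placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in suspicious_members(build_sample_zip()):
        print(member, "->", ", ".join(why))
```
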

Virus Scanner Reports:
MD5 hash: aca37373abb0b0f49795b404683b8e8b
VirusTotal Report: [1] (2/56 scanners report a hit)
Malwr Report


Cheers,

Steve
Sanesecurity.com
