Sanesecurity ClamAV blog: zero hour malware, phishing and scams: eFax message from "unknown" malware

Monday, 12 January 2015

eFax message from "unknown" malware

eFax message from "unknown" malware is now arriving with a dangerous zip attachment... (You have received a 1 page fax):

Headers:

Date: Mon, 12 Jan 2015 23:05:03 +0800
From: "eFax"
Subject: eFax message from "unknown" - 1 page(s), Caller-ID: 1-653-767-7935

Message body:

Fax Message [Caller-ID: 1-653-767-7935]

You have received a 1 page fax at Mon, 12 Jan 2015 23:05:03 +0800.

* The reference number for this fax is atl_did1-1400166434-08802401438-231.

View this fax using your PDF reader.

Please visit www.efax.com/en/online_fax_FAQ if you have any questions regarding this message or your service.

Thank you for using the eFax service!

The link in the email takes you to a website, which:

a) Kindly tells you...

JUST UNZIP AND OPEN IN YOUR PDF READER

Nice and helpful....

b) Auto-downloads a zip file... On the Windows machine, Inside the zip, is Windows executable:

pdf_efax_12986502-01-12.pif

Virus Scanner Reports:

Md5 Hash: aca37373abb0b0f49795b404683b8e8b
VirusTotal Report: [1] (2/56 scanners report a hit)
Malwr Report

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Monday, 12 January 2015

eFax message from "unknown" malware

No comments: