MX Lab just intercepted some samples of a new trojan attached to emails with the subject “You’ve got a fax”. The body of the message contains an embedded JPEG file and attached a ZIP file.
It looks like it is sent from the online service eFax (http://www.efax.com) but it’s not. The email address efax@efax.com is spoofed.
The ZIP file has the name eFax39106.zipand it contains the 40 kB large file efax871291.exe – please note that the numbers may vary.
At the time of writing, only 5 of the 43 AV engines at Virus Total did detect the trojan. The trojan is known as Gen:Trojan.Heur.FU.cC0@a4DqMHii (BitDefender), W32/Trojan3.BZM (F-Prot) or W32/Obfuscated.BQ!genr (Norman).
Virus Total permlink and MD5: f4dd8d5788d0f227bc51cd28b5892561.
View full post on mxlab – all about anti virus and anti spam
Related Posts
- New trojan with “You’ve got a fax” emails
MX Lab, http://www.mxlab.eu, just intercepted a new trojan attached to emails with the subject “You’ve got a fax”. The body of the message contains an embedded JPEG file and attached... - Emails regarding an attached resume contains a trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email regarding a resume. The following subjects are possible:
Attached please find.
Here’s the file you w... - “New Facebook password!” emails contains W32/Oficla.BC trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “New Facebook password!”
The email is send from the spoofed address “&#... - Emails with 30-day trials of McAfee VirusScan Plus contains trojan
MX Lab intercepted emails with the subject “McAfee VirusScan Plus” that contains a virus. The from address is in the format “xxx.be Member Services” <support@xxxxx.be> bu... - Emails with the subject “UPS INVOICE NR9094991″ and “Delivery Problem NR2204780″ contains trojan
A combination of the “Thank you for buying iTunes Gift Certificate!” and the latest UPS related emails with subjects like “UPS INVOICE NR9094991″ or ”Delivery Problem NR... - “Facebook Support. Your password has been changed!” contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Facebook Support. Your password has been changed! ID09687″. Note that the nu... - “United Parcel Service notification 48161” from UPS contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan variant distribution campaign by email with the subject “United Parcel Service notification 48161”, where the number in the subject may v... - Email with new password from Facebook Support contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the message that your facebook account has been blocked because of spam that was sent from your accou... - New Oficla trojan in emails with subject “Your facebook password has been changed”
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your facebook password has been changed″
The email is send from the spoofed address “You... - Email with Guys & Dolls ZIP file contains trojan
MX Lab intercepted some emails with the subject “Ad third try” with attached a ZIP file named Guys & Dolls_displayad.zip.
The message comes from a spoofed email address and has the fol...
Posted on 14 September 2010. Tags: “You’ve, contains, efax youve got a fax, efax871291 exe, emails, fax”, Trojan, youve got a fax
I have one from efax@efax.com
Efax show that emails will come from inbound@efax.com and file attachments are either their own format or as pdf or tif.
Thye attchment to mine is 21kb eFAX64328.zip