RapidFAX And eFax Inbound Fax Emails Attached ZIP File Contains Trojan

Dec 5, 2012

ALERT: If you come across an email entitled “Inbound Fax,” eFax, “RapidFAX: Inbound Fax” or “RapidFax: New Inbound Fax” in your inbox, don’t open the attachment it contains, since it hides a new variant of a Trojan.

The messages, which purport to come from reports@rapidfax.com, contain information such as MCFID, the time at which it was received, fax number, ANI, number of pages, CSID, and the fax status code.
They only inform recipients that “a fax have been received” and urge them not to reply to the email.

The attached ZIP file is named rapidfax-E4C935577EDD.zip and contains a 117 kB file, RapidFAX_MCID_000_LOTS_OF_NUMBERS__13341.pdf.exe.
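A mail-gateway style check for the attachment pattern described above: a ZIP whose member hides an executable behind a document extension (.pdf.exe). This is an added example, not code from the original post; the extension lists and function names are assumptions, and the sample archive is constructed with placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; extend them to match local mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_member(name):
    """Return 'double-extension', 'executable' or None for one archive member name."""
    # Windows ignores trailing dots and spaces in file names, so strip them first.
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(". ").lower()
    # Strip padding spaces so "fax.pdf   .exe" is treated like "fax.pdf.exe".
    suffixes = [s.strip() for s in PurePosixPath(base).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_zip(data):
    """Return (member_name, finding) pairs for a ZIP attachment given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            verdict = classify_member(info.filename)
            if verdict:
                findings.append((info.filename, verdict))
    return findings


def build_sample_zip():
    """Constructed sample: placeholder bytes under the member name quoted above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("RapidFAX_MCID_000_LOTS_OF_NUMBERS__13341.pdf.exe", b"placeholder")
        archive.writestr("cover-note.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in scan_zip(build_sample_zip()):
        print(f"{verdict}: {name}")
```

The check reads only the archive's directory of names, so nothing is extracted or executed.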

The malware is identified as TR/Dldr.Kryptik.H, Trojan.Generic.8337227, Win32/Kryptik.APZB or Trojan-PSW.Win32.Tepfer.cqaj, depending on the antivirus vendor.
The trojan is also known as UDS:DangerousObject.Multi.Generic or Trojan.Lameshield.


This isn’t the only spam campaign that relies on bogus fax messages. Emails pretending to come from eFax Corporate are also making the rounds these days.


The emails appear to come from messages@inbound.efax.com (the default eFax account) and they’re entitled “Corporate eFax message – (xyz) pages”.