“You’ve got an eFax!”
Spam emails are nothing new and unfortunately most internet users are confronted with them daily. Their purposes vary from simply promoting a site or product, to phishing and downright infecting a computer. Today we received a particular nasty, but at the same time convincing-looking email, claiming to be from eFax.
Convincing at first sight, but when looking a little closer it becomes clear that this is nothing more than an attempt to have the reader open a supposed PDF document.
When looking at the email source the following is listed:
From: "eFax Corporate" <B50EBABBC@verzekeringshuis.be>Subject: Corporate eFax message
According to the (legitimate) eFax website FAQ:
When someone sends you a fax, the message is delivered to the email address on your account.
- Faxes will come from the email address firstname.lastname@example.org.
- The subject line of your email will be “Fax Received From (Fax Number)”.
This may look like a PDF file, but look at the icon. That is the default executable (.exe) file icon. A simple file properties check shows that this is indeed the case.
A .exe file trying to look like a .pdf file is by its very definition suspicious, which was confirmed when upon execution ZeuS was downloaded and loaded on the system. This trojan is known for its info-stealing capacity (especially banking information). Emsisoft Anti-Malware detects the associated files as Trojan.Win32.Zbot.
To remove this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to quarantine. Our experts in the “Help, my PC is infected!” Emsisoft Forum are always ready and willing to offer additional help. The removal service is absolutely free even if you are not an Emsisoft customer yet.
Linux Rescue CD: a help or a hinderance?