Spam emails are nothing new and unfortunately most internet users are confronted with them daily. Their purposes vary from simply promoting a site or product, to phishing and downright infecting a computer. Today we received a particularly nasty, but at the same time convincing-looking email, claiming to be from eFax:
Convincing at first sight, but when looking a little closer it becomes clear that this is nothing more than an attempt to have the reader open a supposed PDF document.
When looking at the email source the following is listed:
From: "eFax Corporate" <B50EBABBC@verzekeringshuis.be>
Subject: Corporate eFax message
According to the (legitimate) eFax website FAQ:
When someone sends you a fax, the message is delivered to the email address on your account.
- Faxes will come from the email address message@inbound.efax.com.
- The subject line of your email will be “Fax Received From (Fax Number)”.
But there is more…
This may look like a PDF file, but look at the icon. That is the default executable (.exe) file icon. A simple file properties check shows that this is indeed the case.
A .exe file trying to look like a .pdf file is by its very definition suspicious, which was confirmed when, upon execution, the ZeuS trojan was downloaded and loaded on the system. This trojan is known for its info-stealing capacity (especially banking information). Emsisoft Anti-Malware detects the associated files as Trojan.Win32.Zbot.
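The two checks described above (the sender and subject compared against the eFax FAQ, and the attachment's real file type) can be automated. The following is an added example, not Emsisoft's code: the function names, the recipient address, the attachment name `fax_document.pdf.exe` and the attachment bytes are constructed for illustration, while the From and Subject values are the ones shown on this page.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Sender and subject format quoted from the eFax FAQ on this page.
EFAX_SENDER = "message@inbound.efax.com"
EFAX_SUBJECT = re.compile(r"^Fax Received From \S")

def check_efax_message(raw: bytes) -> list:
    """Return the reasons a message claiming to be eFax fails the checks."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    _name, addr = parseaddr(str(msg["From"]))
    if addr.lower() != EFAX_SENDER:
        findings.append(f"sender: {addr} is not {EFAX_SENDER}")
    if not EFAX_SUBJECT.match(str(msg["Subject"])):
        findings.append("subject: not 'Fax Received From (Fax Number)'")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if data[:2] == b"MZ":  # DOS/PE header: a Windows executable
            findings.append(f"attachment: {name} is a Windows executable")
        elif ".pdf" in name.lower() and b"%PDF-" not in data[:1024]:
            findings.append(f"attachment: {name} is not a PDF")
    return findings

def build_message(sender, subject, filename, content) -> bytes:
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("You have received a fax.")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    # Constructed sample: headers as shown on this page; attachment is invented.
    spam = build_message('"eFax Corporate" <B50EBABBC@verzekeringshuis.be>',
                         "Corporate eFax message",
                         "fax_document.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)
    for finding in check_efax_message(spam):
        print(finding)
```

A From header can be forged, so passing these checks does not authenticate a message; a failure is the useful signal.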
To remove this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to quarantine. Our experts in the “Help, my PC is infected!” Emsisoft Forum are always ready and willing to offer additional help. The removal service is absolutely free even if you are not an Emsisoft customer yet.
Have you received a dubious eFax or been infected by a scam pretending to be a digital fax? Let us know in the comments, along with any other tips you’d like to share!