Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Bogus efax E-Mails Spread Trojan

According to MX Lab the Internet security company, fresh contaminated e-mails have been found delivering a PC Trojan in the name of a fax document, which seems to be sent from the online fax facility 'eFax.'

The fake e-mails show the header "You've got fax" and the sender's address spoofed as efax@efax.com. Additionally, they carry the slogan and logo of eFax, while stating that there's an attached file containing the fax document.

The attachment is called "eFax39106.zip" while it carries a 40KB-sized executable file called efax871291.exe that's infected with a Trojan named TrojanDropper:Win 32/Oficla.T.

In case a user opens this attachment, twin malevolent files "%System%\fvfj.sxo" and "%Temp%\1.tmp" get planted on the contaminated PC. Besides, a registry entry is created that's named "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\idid" while another one named "[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell =" is recreated.

Meanwhile, in spite of the small number of detections classifying the threat with generic names, still according to some other reports the malware is a variant of Oficla. This Trojan (Oficla) came into the scene only during 2010 early part and since then has been running strong.

Criminals use spam mails to disseminate Oficla, while spoofing established companies like DHL or other legitimate organizations as a way to hide the Trojan's real intent.

Moreover, Oficla is also utilized to disseminate other malware. Hence, when computer users get victimized with this Trojan, they contact multiple infections. These kinds of actions concentrate on pay-per-install operations that generate illicit income on a continuous basis and hence are very common among cyber-criminals.

The most disturbing aspect is that just 5 anti-virus engines out of the total 43 were able to spot the Trojan. Security firms BitDefender has named it Gen:Trojan.Heur.FU.cC0@a4DqMHii, Norman -W32/Obfuscated.BQ!genr and F-Prot - W32/Trojan3.BZM.

Advise the security specialists that users must wholly erase these e-mails in case they arrive in their inboxes. Actually, these are intimidating only when their .zip attachment is opened and the associated file executed, they say. Besides, users are also suggested that they must remain vigilant by carefully reading the messages and thinking judiciously prior to clicking on links, while necessarily deploy a legitimate anti-virus solution that's kept up-to-date.

Related article: Bugs Swell In Browsers in 2006

» SPAMfighter News - 25-09-2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next