Security Researchers Detect Fake ‘eFax Corporate’ Messages Online

Cyber crooks are applying multiple social engineering tricks in combo for deceiving end-users into clicking on malware-laced e-mails, state researchers from Avira a security company. Actually, Avira's researchers have identified a wave of e-mails, which seem as arriving from Craiglist although dispatched through eFax Corporate a global leader in aiding commercial enterprises issue digital faxes.

And though not really related to eFax or Craiglist, the fake e-mails tell recipients that there's one fax of 24 pages for them.

But, according to the researchers, the attachment rather than being the fax is one HyperText Markup Language (HTML) file that carries one malevolent JavaScript. If run, this script pulls down malicious software on the victim's PC.

Reportedly, Avira detected this malicious software as JS/Column.EB.18 and HTML/Redir.EB.8.

Plentiful fake eFax e-mails since long could be seen circulating across the Internet, and now seemingly, the spam wave continues to plague vehemently, the researchers remark.

This remark of the researchers even gets the backing of one other spam outbreak that GFI Software discovered. Those spam messages too posed as being sent from eFax while containing harmful attachments consisting of one Pony downloader, which installed Trojan ZeuS onto the affected computers. Simultaneously, the attachments as well led users onto several hijacked websites hosting bogus updates for Adobe's Flash Player for actually so deceiving the unwitting that they'd willingly take down various malicious programs onto their PCs.

Apparently, the Pony installer installed Zeus, malware that stole banking information, onto the infected machine just as the spam mail's attachment was opened. In the meantime, the Pony installer started filching passwords associated with FTP (file transfer protocol) from the target system and communicated them back to one malevolent website harboring the bogus Flash installer. The particular scam follows as the latest one since previously in January 2013 when people were being defrauded via one bogus Chrome installer. At that time GFI Labs found that the web-domain harbored BlackHole version 2.0, Medfos an online search compromiser, a rootkit called Simda, along with WinWeb a fake anti-virus malware, besides ZeuS. The domain further supported no less than 5 other hijacked websites, found GFI Labs.

Related article: Securities Push Up A Must For Web Companies

» SPAMfighter News - 1/31/2013