RapidFax Alert with attached ZIP file contains trojan

December 4, 2012 4 Comments


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subjects:

Inbound Fax
RapidFAX: Inbound Fax
RapidFax: New Inbound Fax

The email is send from the spoofed address “RapidFax Alert” and has the following body:

The attached ZIP file has the name rapidfax-E4C935577EDD.zip and contains the  117 kB large file RapidFAX_MCID_000_LOTS_OF_NUMBERS__13341.pdf.exe.

The trojan is known as UDS:DangerousObject.Multi.Generic or Trojan.Lameshield.

At the time of writing, only 2 of the 46 AV engines did detect the trojan at Virus Total.

Virus Total permalink and SHA256: 67e706acd75e84d5ed4590baf15161281dce174a897512f2216e2330353e7001.

Filed under Malware, Viruses Tagged with , , , ,

4 Responses to RapidFax Alert with attached ZIP file contains trojan

  1. Tera says:
    December 5, 2012 at 1:41 am

    I just received one of these emails today and the sender address was RapidFAX Notifications . The attachment did not come through even though it looks like it has one in my inbox.

    Reply

  2. Pingback: RapidFax Malware Email - Online lottery ticket sales | Online lottery ticket sales

  3. Nguyễn Quốc Bảo says:
    December 6, 2012 at 3:58 am

    You can upload it to form??

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 165 other followers

%d bloggers like this: