MX Lab just intercepted some samples of a new trojan attached to emails with the subject “You’ve got a fax”. The body of the message contains an embedded JPEG file, and a ZIP file is attached.
The ZIP file is named eFax39106.zip and contains the 40 kB file efax871291.exe (the numbers may vary).
The following files are installed on the infected system:
The following registry key is created:
The following registry key is modified:
At the time of writing, only 5 of the 43 AV engines at Virus Total detected the trojan. The trojan is known as Gen:Trojan.Heur.FU.cC0@a4DqMHii (BitDefender), W32/Trojan3.BZM (F-Prot) or W32/Obfuscated.BQ!genr (Norman).
Virus Total permalink and MD5: f4dd8d5788d0f227bc51cd28b5892561.
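A mail-gateway check for the indicators above, added here as an example (it is not MX Lab's code): it matches the subject, the eFax&lt;digits&gt;.zip attachment name, an efax&lt;digits&gt;.exe member inside the archive, and the MD5. The function names, result labels, size cap and the harmless sample message are assumptions made for the example.

```python
import email, hashlib, io, re, zipfile
from email import policy
from email.message import EmailMessage

SUBJECT = "you've got a fax"                      # subject from the advisory
ZIP_RE = re.compile(r"efax\d+\.zip", re.I)        # eFax39106.zip, digits vary
EXE_RE = re.compile(r"efax\d+\.exe", re.I)        # efax871291.exe, digits vary
KNOWN_MD5 = "f4dd8d5788d0f227bc51cd28b5892561"    # MD5 from the advisory
MAX_MEMBER = 1_000_000  # assumed cap; the advisory's file is about 40 kB

def check_message(raw: bytes) -> list[str]:
    """Return the advisory indicators that one raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    subject = str(msg.get("Subject", "")).replace("\u2019", "'").strip().lower()
    if subject == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        if not ZIP_RE.fullmatch(part.get_filename() or ""):
            continue
        hits.append("zip-name")
        data = part.get_payload(decode=True) or b""
        # The advisory does not say which file the MD5 covers, so hash both.
        if hashlib.md5(data).hexdigest() == KNOWN_MD5:
            hits.append("md5-zip")
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not EXE_RE.fullmatch(info.filename.rsplit("/", 1)[-1]):
                        continue
                    hits.append("exe-in-zip")
                    if info.file_size <= MAX_MEMBER and \
                            hashlib.md5(zf.read(info)).hexdigest() == KNOWN_MD5:
                        hits.append("md5-exe")
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
            hits.append("unreadable-zip")  # corrupt, encrypted or unsupported
    return hits

def build_sample(subject: str = "You've got a fax") -> bytes:
    """Constructed, harmless message shaped like the one in the advisory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("efax871291.exe", b"constructed placeholder, not malware")
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="eFax39106.zip")
    return m.as_bytes()
```

Because the numbers in the file names vary and the MD5 identifies only this one sample, the name and subject matches are the indicators most likely to catch other copies from the same run.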