New incoming fax message is actually malware - be on your guard!

Filed Under: Featured, Malware, Spam

Fax machine. Image from ShutterstockComputer users are warned to be on the lookout for messages in their email inbox, claiming to be an incoming fax.

I can't remember the last time I used a fax machine.

The one which until recently sat in the corner of the Naked Security office was certainly unloved by all, only seeming to find a purpose to its sorry existence when junk faxers would trouble it with their unwanted marketing messages and spams.

(What always irritated me about junk fax was that it was *our* paper and *our* ink that was being used by the lowlife arsehats who sent them against *our* wishes).

junk-fax

But even though you may no longer regularly interact face-to-face with a fax machine, it doesn't mean that fax machines have completely disappeared from your life.

Modern fax machines are connected to corporate networks, and you can send a fax (if you wish) just by forwarding a message to a fax gateway, or receive electronic faxes in your inbox from the outside world.

And that's why you have to keep your eyes peeled for threats like the ones we are seeing this morning.

Fax email malware

The above email claims to have been sent by an online fax service called DuoFax. However, the sender's email address has been forged, and DuoFax has nothing to do with these messages - in many ways they are actually also victims as their brand is being tarnished by cybercriminals.

Here's an example of a slightly different email we have seen spammed out in the same malware campaign today:

Fax email malware. Another example

Attached to the emails is a file called fax[random number].zip, which itself contains an executable file called fax01001_DIGIT[5]_.exe

Sophos security products detect the .EXE file as a Trojan horse, Troj/FakeAV-GNL.

You should always be suspicious of unsolicited emails, particularly if they contain unexpected attachments or links to websites. Online criminals are getting more and more crafty in the disguises they wear and social engineering tricks they deploy, with the intention of infecting your computer with malware.

Image of Old fax machine courtesy of Shutterstock.

, , ,

You might like

6 Responses to New incoming fax message is actually malware - be on your guard!

  1. daniellynet · 358 days ago

    I always check the message source for spam mails I am in doubt with.
    Usually a dead give away.

  2. docrighteous · 358 days ago

    My faxes come as .pdf files, not .zip files. I would hope that would be my first clue. But it probably wouldn't, especially if I were tired or distracted, so thanks for the heads-up! Also, note that the one that says it comes from an 800 # doesn't have enough digits in the originating phone number.

  3. Christine · 358 days ago

    I've had emails like these dropping into my inbox off and on over the last few months. There are also other, similar one's, masquerading as Xerox printer reports but, since I don't have a Xerox printer, I've ignored these as a minor irritation.

  4. Sam · 358 days ago

    Many users will have a multi-function printer that includes a fax capability. It's very tempting to route your phone line through it in the pursuit of the extra functionality, but if you don't use it then I suggest you do as I have and remove the phone line from the printer!

  5. Lee · 356 days ago

    I had one of these duo faxes. I deleted it without looking as I wasn't expecting a fax. Looked like spam

  6. Hank Arnold · 354 days ago

    Fax machines are still extremely prevalent in the Healthcare industry. At the Hospice I support, we send and receive dozens of faxes every day from Doctors' offices as well as hospitals and nursing homes. Like it or not, faxes are still the most secure way to get PHI to someone.

    Hank Arnold (MVP)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.