New incoming fax message is actually malware - be on your guard!

Filed Under: Featured, Malware, Spam

Fax machine. Image from ShutterstockComputer users are warned to be on the lookout for messages in their email inbox, claiming to be an incoming fax.

I can't remember the last time I used a fax machine.

The one which until recently sat in the corner of the Naked Security office was certainly unloved by all, only seeming to find a purpose to its sorry existence when junk faxers would trouble it with their unwanted marketing messages and spams.

(What always irritated me about junk fax was that it was *our* paper and *our* ink that was being used by the lowlife arsehats who sent them against *our* wishes).


But even though you may no longer regularly interact face-to-face with a fax machine, it doesn't mean that fax machines have completely disappeared from your life.

Modern fax machines are connected to corporate networks, and you can send a fax (if you wish) just by forwarding a message to a fax gateway, or receive electronic faxes in your inbox from the outside world.

And that's why you have to keep your eyes peeled for threats like the ones we are seeing this morning.

Fax email malware

The above email claims to have been sent by an online fax service called DuoFax. However, the sender's email address has been forged, and DuoFax has nothing to do with these messages - in many ways they are actually also victims as their brand is being tarnished by cybercriminals.

Here's an example of a slightly different email we have seen spammed out in the same malware campaign today:

Fax email malware. Another example

Attached to the emails is a file called fax[random number].zip, which itself contains an executable file called fax01001_DIGIT[5]_.exe

Sophos security products detect the .EXE file as a Trojan horse, Troj/FakeAV-GNL.

You should always be suspicious of unsolicited emails, particularly if they contain unexpected attachments or links to websites. Online criminals are getting more and more crafty in the disguises they wear and social engineering tricks they deploy, with the intention of infecting your computer with malware.

Image of Old fax machine courtesy of Shutterstock.

, , ,

You might like

10 Responses to New incoming fax message is actually malware - be on your guard!

  1. daniellynet · 894 days ago

    I always check the message source for spam mails I am in doubt with.
    Usually a dead give away.

    • Melanie · 251 days ago

      I can't remember - what's the fastest way to do this? Thanks.

  2. docrighteous · 894 days ago

    My faxes come as .pdf files, not .zip files. I would hope that would be my first clue. But it probably wouldn't, especially if I were tired or distracted, so thanks for the heads-up! Also, note that the one that says it comes from an 800 # doesn't have enough digits in the originating phone number.

    • RG · 474 days ago

      The latest version as of June 2014 shows the attachment with an extension of .pdf. Viewing the full email shows it is in fact a .zip
      They are getting more clever every day.

  3. Christine · 894 days ago

    I've had emails like these dropping into my inbox off and on over the last few months. There are also other, similar one's, masquerading as Xerox printer reports but, since I don't have a Xerox printer, I've ignored these as a minor irritation.

  4. Sam · 894 days ago

    Many users will have a multi-function printer that includes a fax capability. It's very tempting to route your phone line through it in the pursuit of the extra functionality, but if you don't use it then I suggest you do as I have and remove the phone line from the printer!

  5. Lee · 893 days ago

    I had one of these duo faxes. I deleted it without looking as I wasn't expecting a fax. Looked like spam

  6. Hank Arnold · 891 days ago

    Fax machines are still extremely prevalent in the Healthcare industry. At the Hospice I support, we send and receive dozens of faxes every day from Doctors' offices as well as hospitals and nursing homes. Like it or not, faxes are still the most secure way to get PHI to someone.

    Hank Arnold (MVP)

  7. Sean · 146 days ago

    I received one sent from a hotmail address entitled Fax #O2n5Ji0fxsX

    It was a zipped file but when I scanned it using my currrent AV Software it didn't find anything.

    I've deleted it just in case but cuirious as to why it passed a brief scan.

  8. John · 139 days ago

    I opened one by accident on my I at risk?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley