Spoofed RapidFax Email with Trojan Attached

Spoofed RapidFax Email with Trojan Attached

If you receive an e-mail message from [RapidFAX Notifications reports@rapidfax.com] with the subject "Inbound Fax", please do not open the attached zip file because it is a Trojan. This spoofed e-mail message is not from RapidFax and is being used to try and trick persons into infecting their computers with a Trojan known as UDS:DangerousObject.Multi.Generic or Trojan.Lameshield.

RapidFax.com allows you to send and receive fax without a fax machine via e-mail.

If you are not a RapidFax customer and you received this e-mail message, this is the first sign that this e-mail is malicious. However, if you are a RapidFax customer, you should not click on any link or open any attachment in any e-mail message but instead, go to RapidFax.com, login from there and view your faxes.

The malicious attached zip file has name the rapidfax-E4C935577EDD.zip and when uncompressed or unzipped contains the Trojan with the name RapidFAX_MCID_000_ LOTS_OF_NUMBERS__13341.pdf.exe

This is how the malicious spoofed RepaidFax e-mail looks:

From: RapidFAX Notifications - reports@rapidfax.com

Subject: Inbound Fax  

A fax has been received.

MCFID = 15565117

Time Received = Mon, 03 Dec 2012 08:13:12 -0300

Fax Number = 1851205814

ANI = 1290610748

Number of Pages = 10

CSID = 38729681781

Fax Status Code = Successful

Please do not reply to this email

RapidFAX Customer Service

www.rapidfax.com

©2012 j2 Global, Inc. All rights reserved. RapidFAX is a registered trademark.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search Search engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.
Was this article helpful?  +
Share this with others:
Donate

Comments, Questions, Answers, or Reviews

There are no comments as yet, please leave one below or revisit.

To protect your privacy, please remove sensitive or identifiable information from your comments, questions, or reviews. We will use your IP address to display your approximate location to other users when you make a post. That location is not enough to find you.

Your post will be set as anonymous because you are not signed in. An anonymous post cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.

Write Your Comment, Question, Answer, or Review

Spoofed RapidFax Email with Trojan Attached