Spoofed RapidFax Email with Trojan Attached
If you receive an e-mail message from [RapidFAX Notifications reports@rapidfax.com] with the subject "Inbound Fax", please do not open the attached zip file because it is a Trojan. This spoofed e-mail message is not from RapidFax and is being used to try and trick persons into infecting their computers with a Trojan known as UDS:DangerousObject.Multi.Generic or Trojan.Lameshield.
RapidFax.com allows you to send and receive fax without a fax machine via e-mail.
If you are not a RapidFax customer and you received this e-mail message, this is the first sign that this e-mail is malicious. However, if you are a RapidFax customer, you should not click on any link or open any attachment in any e-mail message but instead, go to RapidFax.com, login from there and view your faxes.
The malicious attached zip file has name the rapidfax-E4C935577EDD.zip and when uncompressed or unzipped contains the Trojan with the name RapidFAX_MCID_000_ LOTS_OF_NUMBERS__13341.pdf.exe
This is how the malicious spoofed RepaidFax e-mail looks:
From: RapidFAX Notifications - reports@rapidfax.com
Subject: Inbound Fax
A fax has been received.
MCFID = 15565117
Time Received = Mon, 03 Dec 2012 08:13:12 -0300
Fax Number = 1851205814
ANI = 1290610748
Number of Pages = 10
CSID = 38729681781
Fax Status Code = Successful
Please do not reply to this email
RapidFAX Customer Service
www.rapidfax.com
©2012 j2 Global, Inc. All rights reserved. RapidFAX is a registered trademark.
Check the comment section for additional information, or share what you know or ask a question about this article, by clicking the 'View or Write Comment' button below.
Note: Some of the information in samples on this website may have been impersonated or spoofed.