Vast email malware outbreaks – efaxCorporate and Xerox copiers

Wednesday the 24th saw huge of amounts of email-attached malware distributed – all with an “office” theme. The attacks pushed the amount of email up by several hundred percent and totaled near five billion emails sent worldwide. 

The first part of the day saw emails describing an attachment as being the scan from a Xerox Workcenter. This is not a new ploy – we described one of these in detail in February last year. Last year’s version was an actual PDF file with an embedded malicious script. Yesterday’s file was a zipped executable.

The second part of the attack moved on to eFaxCorporate, announcing the arrival of a (21 page) fax message. Once again the attachment was an executable file pretending to be a PDF. The file is detected as W32/Trojan2.NTLB by Commtouch’s Antivirus. The malware scans the infected system for FTP programs – no doubt looking for FTP credentials that can be stolen to access and compromise Web servers (which can then be used to serve malware links).