E-fax Campaign Spreads CryptoLocker

E-faxes are once again making the rounds as a malware conduit, this time spreading the dreaded CryptoLocker ransomware.

Since 2013, the CryptoLocker malware and its variants have been targeting computers running Microsoft Windows, and have become wildly popular with criminals because it’s almost impossible to recover from.

A phishing attack is sending random emails to businesses and consumers across the globe with attachments marked as a fax. The subject of the email is basic (i.e., “You have new fax, document 00359970”) and the content of the email looks like a regular e-fax message. It’s such an innocuous approach that people often open the email and then click on the attachment to view the “fax.”

“What makes this new malware strain unique is that it is actually a two-part malware system that runs both an executable file and a batch file running together,” said researchers at the Comodo Threat Research Labs, in a blog. “The scripts are broken down into separate executables, making the size of the encrypting executable less than 3KB—which allows the file size to pass through many security layers.”

The fact that the approach shows innovation means that the cyber-criminals are dedicating a large amount of testing, research, analysis and programming to their efforts, the analysis pointed out.

“Taking an older technology idea like the e-fax and using it with an updated code and malware strain like CryptoLocker is bringing two schools of thought together,” said Fatih Orhan, Comodo’s director of technology and lead for the Comodo Threat Research Lab. “The cyber-criminals are continuing to try and take advantage of businesses and consumers so the word of caution to the public is beware of what you click on in an email like this—it may come with serious consequences.”

A report from Proofpoint recently found that cyber-criminals have rapidly adapted their phishing campaigns over the past year or so, abandoning social media lures in favor of a new focus on business users with communication notification templates. Out of these so-called “communication notification” phishing emails, voicemail and fax notifications are the most common.
