Incoming Fax Email Virus / Malware Alert

We're blocking a dangerous spam attack this morning that includes an attachment called IncomingFax.zip. The attachment is reported to be a trojan horse that hides on infected machines, bypasses SSL, steals online banking information and more. Do not download or click on the attachment. If you see one of these, notify your IT department or contact your antispam provider immediately.

About the Incoming Fax Email

This is only the latest wave of spam containing a variant of the notorious ZeuS banking malware. Known as DYREZA, it is usually delivered via an email attachment and the message uses social engineering designed to trick the victim into opening the attachment. In the past it has posed as an invoice. Here's an example of this morning's campaign.

Subject: Incoming Fax

*********************************************************
INCOMING FAX REPORT
*********************************************************
Date/Time: Tue, 10 Mar 2015 18:03:22 +0700
Speed: 4759bps
Connection time: 05:02
Pages: 2
Resolution: Normal
Remote ID: 449-435-3497
Line number: 2
DTMF/DID:
Description: Internal only

To download / view please download attached file
*********************************************************

About the DYREZA Virus / Trojan

The DYREZA malware is reported to be a trojan and is considered a very serious risk. It compromises the affected machine in various ways to access the user's banking and other account information. It can perform online man-in-the-middle attacks (like electronic eavesdropping), record browser activity, steal security certificates and login credentials, and track where users go online.

Bypassing Anti-Virus Software

The variant we blocked this morning was still only being recognized by 6 out of 57 anti-virus scanners about 90 minutes after the attack ended. That's why it's important to use a Cloud-based email spam filter that's constantly updated. Anti-virus programs, while still important, simply cannot keep up with the pace of these rapidly changing email-borne threats because they only look at the downloaded file to determine if it is malware.

Cloud anti-spam can examine the entire delivery mechanism, such as the email header and message, to look for malicious clues. It can also detect spammy global traffic patterns and can update almost continuously. Our professional threat analysts work 24/7/365 to identify new threats and update the SpamStopsHere database every two minutes. Many businesses and IT departments cannot provide that level of protection on their own, try as they may. We've heard that even popular antispam appliances are only updated every 45 minutes - and only after letting threats onto your network. Cloud antispam blocks them in the Cloud, far away from your infrastructure.
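As an added illustration (not SpamStopsHere's filter and not code from this article), the Python below checks a message's subject, body and attachment container instead of matching a file signature. The sample message is constructed from the example above; the addresses, the file name inside the zip and the executable-extension list are assumptions.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Assumption: extensions this example treats as executable content.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".js", ".vbs")

def build_sample(inner_name="IncomingFax.exe") -> bytes:
    """Constructed message modelled on the sample above; the zip holds a harmless placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"placeholder, not malware")  # inner name is an assumption
    msg = EmailMessage()
    msg["From"], msg["To"] = "fax@example.com", "user@example.org"  # placeholder addresses
    msg["Subject"] = "Incoming Fax"
    msg.set_content("INCOMING FAX REPORT\nPages: 2\nTo download / view please download attached file\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="IncomingFax.zip")
    return msg.as_bytes()

def triage(raw: bytes) -> list[str]:
    """Return the delivery-mechanism clues found in one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    clues = []
    if re.search(r"\bfax\b", msg.get("Subject", ""), re.I):
        clues.append("fax-themed subject")
    if re.search(r"download attached file", text, re.I):
        clues.append("body urges opening the attachment")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        clues.append("zip attachment: " + name)
        try:
            # List member names only; nothing is extracted or executed.
            names = zipfile.ZipFile(io.BytesIO(part.get_content())).namelist()
        except zipfile.BadZipFile:
            clues.append("zip attachment could not be opened")
            continue
        clues.extend("executable inside archive: " + n for n in names if n.lower().endswith(EXEC_EXT))
    return clues

def verdict(raw: bytes) -> str:
    """Quarantine when a lure (subject or body) arrives with an executable inside an archive."""
    clues = triage(raw)
    lure = any(c.startswith(("fax-", "body ")) for c in clues)
    return "quarantine" if lure and any(c.startswith("executable inside") for c in clues) else "deliver"
```

None of these checks depends on the attachment's hash or signature, so a repacked payload with the same lure and container still produces the same clues.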

eFax, Cryptolocker and other email-borne threats.

Cloud-based anti-spam can examine the whole delivery mechanism, not just the attachment, to detect rapidly changing threats better than traditional anti-virus software.

See our recent blog article for more information about the advantages of Cloud antispam for protection against email-based threats.

About SpamStopsHere

SpamStopsHere blocks email spam in the Cloud 24/7/365. It blocks 99.5% of spam with fewer than 0.001% false positives. That means we block fewer than 1 out of 100,000 good emails, which is why businesses and professionals love our service. No user tuning is required and there is no learning period.

It also provides zero-day protection against email-borne threats like Cryptolocker and other viruses, trojans, etc. Because it works in the Cloud, spam filtering updates take effect immediately without the user downloading or installing anything.

If you're having trouble keeping up with these threats, consider trying SpamStopsHere FREE for 30 days.

Click here for more about SpamStopsHere and our 24/7/365 live support

Marks used in this article are the properties of their respective owners. This article is for informational purposes. No endorsement by third parties is implied and none should be inferred.