14 DAY TRIAL // A new “incoming fax report” spam campaign has been launched by cybercriminals. According to experts, there are at least two types of emails currently being used to distribute malware.
One type of scam email has been spotted by researchers from MX Lab. The fake incoming fax notifications appear to come from a Xerox WorkCentre device and they carry a malicious attachment. The attached zip file hides a Trojan downloader that’s designed to retrieve other malware from the Web.
The spam run analyzed by Conrad Longmore of Dynamoo’s Blog is similar. However, the phony incoming fax reports don’t have attachments. Instead, they contain links that point to malware-serving websites.
The email found by Longmore points to a compromised website from which users are redirected to a hijacked GoDaddy domain that’s set up to serve malware.
Users are advised to be cautious if they come across such emails.