Sep 14, 2010 10:55 GMT

Security researchers warn of new infected emails trying to pass off a computer trojan as an electronic fax document allegedly sent by eFax.

The rogue emails come with a subject of "You've got fax" and have a spoofed From field in order to appear as if they originate from an [email protected] address.

The messages bear the logo and slogan of a legit Internet faxing service called eFax and claim that "The fax message is attached to this e-mail."

The attachment is an archive called eFAX#####.zip, where # stands for a single random digit, which contains a similarly named executable file.

Running this file installs a computer trojan, which, according to Belgian email security provider MX Lab, has a low detection rate.

Even though the few detections available on VirusTotal list generic names for this threat, other reports claim it is an Oficla variant.

Oficla is a relatively new trojan, which appeared earlier this year and has been particularly active lately.

It is usually distributed through spam emails that impersonate known organizations such as DHL.

It's also worth noting that Oficla is usually used as a distribution platform for other malware. Therefore, users who fall victim to this threat will most likely end up with multiple infections on their computers.

Operations of this sort, focused on pay-per-install services, are popular with cybercriminals, as they provide a constant flow of illicit income.

The usual customers for these businesses are the people behind rogue antivirus programs, commonly referred to as scareware, who steal money from users by tricking them into paying license fees for useless applications.

Users are advised to exercise increased caution when opening attachments received via email, even if the messages appear to come from friends or otherwise trusted companies.

Even if an antivirus program does not detect a file as malicious, it's still better to check it with a multi-engine scanning service like VirusTotal.

There is even an uploader-type application available, which allows submitting files to the service directly from the desktop, via a context menu option.