Mobile Malware via a FAX

This is a new-school twist on an old-school scam: fax machine spam. Miscreants would send out bogus faxes with scam numbers, many times just trying to hawk “dealz” or, in some cases, trying to phish info from the caller. But for the most part fax machine spam has subsided (I think; I have no real data, just a hunch).

A friend, who wishes to remain anonymous, said that several of these faxes appeared at her office over the last two days.  She forwarded me a scan of one to review.

You can see that this is all sorts of wrong; even the QR codes look like they were physically pasted (after the fact) on this fax. What was interesting is that the QR code leads to a site that wants you to download an app (with links for both Android and Apple devices) to install on your phone. I’ve redacted the QR codes and numbers to protect the innocent (and inept).

Looking into it further, these are bogus premium-rate SMS apps that send text messages to numbers the scammers control; you then get charged for premium SMS messages and they make cash. Be warned: don’t just scan QR codes everywhere. I wonder how many people at my friend’s company used their neato smartphone to follow those codes and installed those apps? Maybe it’s not a bad idea to protect your main corporate fax number a bit, too.

Analyze Malware In The Time It Takes To Grab a Cup Of Coffee

Malware analysis is not a skill that every IT security professional has. It comes with a heavy amount of programming experience, an understanding of assembly, computer memory, debuggers and decompilers. Malware analysis can take a lot of time and skill, and is usually not done by organizations’ security staff. The staff leaves it to AV vendors and security research companies to do the analysis and make reports.

What happens when your company sees a lot of spam with zip attachments? Wouldn’t it be nice to see what these attachments do if opened, whether they’re a Trojan or are making your client machines into botnet zombies? If you could analyze these files and see where they’re calling, you could block these URLs and IPs at your perimeter, and not just rely on your spam filters or users’ judgment.

I found a pretty neat site called joebox.org. I’ll let you read more about the site’s origin and purpose, but to summarize: Joebox.org allows you to submit script and executable files to it and will send you a detailed analysis within a few minutes.

Joebox.org takes your script or executable and runs it on a VM, then sends you the process/system calls, DLL hooks, and network/DNS traffic it generated. You can choose what OS to run your files on, and the best part is it’s FREE!
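To go from a report's network/DNS section to perimeter block entries, something like the following works. It is an added example, not Joebox's code or report format: the line layout, the allowlisted host and all sample values are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Sandbox/LAN ranges: traffic to these is analysis noise, not a perimeter target.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
# Hosts clean machines also contact (assumed allowlist, tune per site).
ALLOW = {"time.example.com"}

# Constructed sample: the network/DNS part of a report, one event per line.
SAMPLE_REPORT = """\
DNS query: time.example.com
DNS query: gate.badhost.test
HTTP GET http://gate.badhost.test/panel/in.php?id=7
TCP connect: 203.0.113.45:443
TCP connect: 192.168.56.1:139
DNS query: GATE.badhost.test.
HTTP POST hxxp://198.51.100.9/up
"""

def extract_blocklist(report):
    """Return deduplicated IPs, domains and URLs worth blocking."""
    ips, domains, urls = set(), set(), set()
    for line in report.splitlines():
        parts = line.split()
        if not parts:
            continue
        value = parts[-1].replace("hxxp", "http", 1)  # undo defanging
        if "://" in value:
            host, url = urlsplit(value).hostname or "", value
        else:
            # Strip a trailing :port from "ip:port" style values.
            host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
            url = None
        host = host.rstrip(".").lower()  # normalise FQDN dot and case
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None
        if ip is not None:
            if any(ip in net for net in INTERNAL):
                continue
            ips.add(str(ip))
        elif not host or host in ALLOW:
            continue
        else:
            domains.add(host)
        if url:
            urls.add(url)
    return {"ips": sorted(ips), "domains": sorted(domains), "urls": sorted(urls)}
```

Internal addresses and allowlisted hosts are dropped before anything reaches the blocklist, so sandbox housekeeping traffic does not end up blocked at the perimeter.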

So, now when your company starts getting those spam emails with attachments you can be the hero and provide custom remediation to the threat, right after you finish your cup o’ joe!