Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

May 8, 2013

TROJANPSW.TEPFER - eFax Corporate Scam

Another round of spammed versions of TrojanPSW.Tepfer is arriving in users' inboxes today. Like the previous versions, this round of emails has been socially engineered to trick users into opening the malicious attachment. The email contains a forged “From:” field so that it appears to come from the faxing service eFax.

The scam email also contains an attachment: a malicious executable file disguised as a fax.

Here is an example email:

eFax Trojan Scam, Detected and Blocked by Thirtyseven4 Antivirus

 
If the attachment is executed, the unknowing user's machine is infected with a Trojan identified by Thirtyseven4 Antivirus as “TrojanPSW.Tepfer.jqj”.

Upon analysis of the Trojan, we have observed that it drops files at the following location:

%AppData%\[random_name folder]\[random_name].exe {polymorphic file}

The files dropped by TrojanPSW.Tepfer are polymorphic in nature (meaning every time you visit the same link you will get a different file).
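Because the dropped file differs on every download, a hash match is of little use for hunting; the drop location is the stable indicator. The following is an added example, not Thirtyseven4's code, that flags executables with the reported layout, one folder below %AppData%. The function names, the user "alice" and the sample paths are constructed for illustration.

```python
import hashlib
import os
from pathlib import Path, PureWindowsPath

# Constructed sample data (not from the post): paths as they might appear in
# file-creation or process-start logs for a hypothetical user "alice".
SAMPLE_APPDATA = r"C:\Users\alice\AppData\Roaming"
SAMPLE_PATHS = [
    SAMPLE_APPDATA + r"\qwzxk\pljhg.exe",         # <folder>\<name>.exe: matches
    SAMPLE_APPDATA + r"\Vendor\bin\updater.exe",  # two folders deep: no match
    SAMPLE_APPDATA + r"\qwzxk\readme.txt",        # not an executable
    r"C:\Program Files\Vendor\app.exe",           # outside %AppData%
]

def matches_drop_pattern(path, appdata):
    """True if path has the layout <appdata>\\<one folder>\\<name>.exe."""
    try:
        rel = PureWindowsPath(path).relative_to(PureWindowsPath(appdata))
    except ValueError:  # path is not under %AppData%
        return False
    return len(rel.parts) == 2 and rel.suffix.lower() == ".exe"

def triage(paths, appdata):
    """Filter logged paths down to those with the reported drop layout."""
    return [p for p in paths if matches_drop_pattern(p, appdata)]

def scan_appdata(appdata):
    """List (path, sha256) for every .exe sitting directly in a subfolder of appdata."""
    hits = []
    for folder in sorted(Path(appdata).iterdir()):
        if not folder.is_dir():
            continue
        try:
            files = sorted(folder.iterdir())
        except OSError:  # unreadable folder: skip it, keep scanning
            continue
        for f in files:
            if f.is_file() and f.suffix.lower() == ".exe":
                hits.append((str(f), hashlib.sha256(f.read_bytes()).hexdigest()))
    return hits

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_APPDATA))
    appdata = os.environ.get("APPDATA")  # set on Windows only
    if appdata:
        for path, digest in scan_appdata(appdata):
            print(digest, path)
```

Legitimate software also installs executables under %AppData%, so matches are candidates for review rather than confirmed infections.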

The Thirtyseven4 Antivirus virus scanner is being updated for these and similar future threats. In addition, the Thirtyseven4 Browser Protection module will be updated immediately to block any malicious websites this Trojan may start attempting to reach.

Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4