There has been a large outbreak of malware attacks involving malicious spam email messages disguised as eFaxCorporate fax notifications and fake scans from Xerox Workcenter. Numerous attacks have used these kinds of tactics before; however, the volume of these fake email messages is staggering, representing an increase of nearly one thousand percent in the number of similar attacks. Both of these attacks involve the W32/Trojan2.NTLB Trojan, a dangerous password stealer that seems to act as a gateway, allowing criminals to gain access to web servers in order to distribute malware. ESG security researchers have observed an increase in spam email messages that target office workers or take advantage of office and productivity tools and their automatic email notifications. After all, an office worker accustomed to receiving dozens of eFaxCorporate or Xerox Workcenter email messages every day is less likely to notice a malicious email message carrying W32/Trojan2.NTLB and to distinguish it from the others in his or her inbox.
Once W32/Trojan2.NTLB infects a computer, it scans the infected computer for FTP applications, presumably to steal passwords and credentials for these kinds of file transfer protocol programs. This allows criminals to take over web servers and then use them to distribute malware, either by sending out additional spam email messages or by inserting malicious scripts into otherwise harmless websites. While it is always dangerous when a computer becomes infected with malware, it is much more worrying when this happens to a web server. Because of this, ESG security researchers strongly advise IT professionals to be on guard for these kinds of spam email messages and to establish adequate anti-spam protections for office email systems.
The main way to protect your computer from a W32/Trojan2.NTLB attack is to ensure that you are using a reliable anti-malware program and that it is active at all times. It is also important to ensure that your email inbox is protected by an adequate spam filter that will detect malicious email messages carrying W32/Trojan2.NTLB and other malicious email attachments. Common sense is also a huge factor, since W32/Trojan2.NTLB is spread using social engineering. ESG security researchers strongly advise computer users to be very careful when downloading email attachments, even if they appear to come from a trustworthy source such as the applications listed above.
How Can You Detect W32/Trojan2.NTLB?