October 20, 2014
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Adobe Invoice” which is quite similar to a previous malicious campaign but in that case a Word document was used.
This email is send from the spoofed address “Adobe Billing <firstname.lastname@example.org>” and has the following body:
Thank you for signing up for Adobe Creative Cloud Service.
Attached is your copy of the invoice.
Thank you for your purchase.
The Adobe Team
Adobe Creative Cloud Service
The attached ZIP file has the name adb-102288-invoice.zip and contains the 117 kB large file c3.exe.
The trojan is known as PE:Malware.FakePDF@CV!1.9C3A or Win32.Trojan.Inject.Auto.
At the time of writing, 2 of the 53 AV engines did detect the trojan at Virus Total so be careful when handling this email.
Use the Virus Total permalink for more detailed information.