MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “United Parcel Service notification”, sent from the spoofed address “United Parcel Service <firstname.lastname@example.org>”.
The body of the email consists of an image, but on our computer the image is broken. The included image URL points to http://1stchoiceindustrial.com/bd32t.jpg but no file is found on this server. I’m sure that we can guess what they are willing to share with us.
The attached ZIP file is named document.zip and contains the 37 kB file document.exe.
The trojan is known as TROJ_SPYEYE.SMEP (Trend Micro), Trojan.Agent/Gen-FakeAlert[RnGlobal] (SuperAntiSpyware), W32/Bamital.FA!tr (Fortinet).
At the time of writing, only 5 of the 43 AV engines detected the trojan at Virus Total.
Virus Total permalink and MD5: ad91c4ccb6503ccfdf0bfd51d55bcb7a.
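
With detection this low, a content check at the mail gateway is more dependable than AV verdicts alone. The following is an added example, not MX Lab's own tooling: it flags ZIP attachments that contain an executable member and compares both the archive and its members against the MD5 above, since the post does not say which file the hash belongs to. The extension list, the size limit and the sample message are assumptions constructed for the example.

```python
import hashlib, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# MD5 published in this post (it does not say whether it is the ZIP or the EXE).
KNOWN_MD5 = {"ad91c4ccb6503ccfdf0bfd51d55bcb7a"}
EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumption: extensions to flag
MAX_MEMBER = 10 * 1024 * 1024                # assumption: skip hashing larger members

def scan_message(raw_bytes):
    """Return (attachment, reason) findings for ZIP attachments of one message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        if hashlib.md5(data).hexdigest() in KNOWN_MD5:
            findings.append((name, "archive matches known MD5"))
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith(EXEC_EXT):
                    findings.append((name, "executable member " + info.filename))
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    continue  # encrypted or oversized: cannot or should not read
                if hashlib.md5(zf.read(info)).hexdigest() in KNOWN_MD5:
                    findings.append((name, "member matches known MD5: " + info.filename))
    return findings

def build_sample(member="document.exe"):
    """Constructed message shaped like the one described; payload is harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not the real sample")
    msg = EmailMessage()
    msg["Subject"] = "United Parcel Service notification"
    msg["From"] = "United Parcel Service <firstname.lastname@example.org>"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The executable-in-ZIP rule fires regardless of hash, so it still catches a repacked variant whose MD5 differs.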