MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with various subjects like:
We will be impelled to sue you
We are going to sue you
We are suing you
You are sending add messages
A message from our security service
The email is send from the spoofed address “ICI Investment <firstname.lastname@example.org>” and has the following body:
Your email is sending spam messages!
If you don’t stop sending spam, we will be impelled to sue you!
We’ve attached a scanned copy of the document assembled by our security service to this letter.
Please carefully read through the document and stop sending spam messages.
This is the final warning!
ICI Investment Company.
The attached ZIP file has the name Attached_Document#02504.zip and contains the 45 kB large file Attached_Document.exe.
The trojan is known as Trojan.Downloader.JOPJ (BitDefender, F-Secure, GData), Artemis!9121F25A31F5 (McAfee), Troj/Bredo-KE (Sophos).
Virus Total permalink and MD5: ddf4fb7e16e92219ba78dd4a22508e5a.