MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your InDesign CS4 License key”.
The email is send from the spoofed address “Adobe <email@example.com>” and has the following body:
Your Adobe CS4 License key is in attached document below.
We encourage you to explore its new and enhanced capabilities with these helpful tips, tutorials, and eSeminars.
Thank you for buying Adobe InDesign CS4 software.
Adobe Systems Incorporated
The attached ZIP file has the name License_key_N7853.zip and contains the 47 kB large file License_key.exe.
Please note that the from email address, the subject, content and name of the attached file can change accordingly.
The trojan is known as Troj/Bredo-LK (Sophos), W32/Yakes.F.gen!Eldorado (F-Prot), Downloader.Chepvil (Symantec).
At the time of writing, only 7 of the 43 AV engines did detect the trojan at Virus Total.
Virus Total permalink and MD5: 09ecaf9fd2f4d7d42b0b4fde0f53b21e.