MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “USPS Delivery Failure Notification”.
The email is sent from spoofed addresses and has the following body:
Unfortunately we failed to deliver the postal package you have sent on the 2nd of December in time because the recipient’s address is erroneous.
Please print out the shipment label attached and collect the package at our office.
United States Postal Service
The attached ZIP file is named USPS report.zip and contains the 45 kB file USPS report.exe.
The trojan is known as Troj/DwnLdr-JNL (Sophos), Gen:Variant.Kazy.47555 (F-Secure), Trojan-Downloader.Win32.Pakes.it (Kaspersky), Gen:Variant.Kazy.47555 (BitDefender).
At the time of writing, only 18 of the 43 AV engines at Virus Total detected the trojan.
Virus Total permalink and MD5: 371f5f724fbd95db62a217c4c2f5d1be.
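A mail-gateway style check for the indicators described above, added here as an example and not MX Lab's own code. The function names, the list of executable extensions and the size limit are assumptions; the MD5 is compared against both the attachment and each archive member because the text does not say which file it belongs to, and the sample message is constructed from harmless bytes.

```python
import email, hashlib, io, zipfile
from email.message import EmailMessage

# Indicators taken from the advisory text.
SUBJECT = "USPS Delivery Failure Notification"
KNOWN_MD5 = "371f5f724fbd95db62a217c4c2f5d1be"
# Assumptions: extensions treated as executable, and a cap on hashed member size.
EXEC_EXT = (".exe", ".scr", ".pif", ".com")
MAX_MEMBER_BYTES = 10_000_000

def inspect_message(raw):
    """Return the reasons a raw message matches the campaign (empty list: no match)."""
    msg = email.message_from_bytes(raw)
    reasons = []
    if SUBJECT.lower() in str(msg.get("Subject", "")).lower():
        reasons.append("subject")
    for part in msg.walk():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True)  # None for multipart containers
        if not data or not name.lower().endswith(".zip"):
            continue
        if hashlib.md5(data).hexdigest() == KNOWN_MD5:
            reasons.append("md5:" + name)
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            reasons.append("unreadable-zip:" + name)
            continue
        for info in zf.infolist():
            if not info.filename.lower().endswith(EXEC_EXT):
                continue
            reasons.append("exe-in-zip:" + info.filename)
            encrypted = bool(info.flag_bits & 0x1)
            if encrypted or info.file_size > MAX_MEMBER_BYTES:
                continue  # cannot or should not decompress; the name match stands
            if hashlib.md5(zf.read(info)).hexdigest() == KNOWN_MD5:
                reasons.append("md5:" + info.filename)
    return reasons

def build_sample(subject, member_name):
    """Constructed sample: a ZIP attachment holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"harmless placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.com", "b@example.com"
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="USPS report.zip")
    return msg.as_bytes()
```

The executable-inside-ZIP rule still fires when the attachment is repacked and the hash no longer matches, which matters given the low engine coverage reported above.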