MX Lab, http://www.mxlab.eu, intercept a few samples of a new trojan found in emails with the subject “A friend just sent you a new year gift from amazon” sent from the spoofed address “amazon seller <firstname.lastname@example.org>”.
The email has the following body:
We are to inform you that someone just sent you a gift from amazon.com,
below is the recipt kindly open and track the order. Wishing you a lovely year ahead.
The malware is approx. 221 kB large and listens to the name file4402_fdp.exe.
The trojan is known as Win32:Malware-gen (Avast), Trojan.Win32.VBKrypt.imoz (Kaspersky), Artemis!798A4ABB09D7 (McAfee), Mal/Generic-L (Sophos).
At the time of writing, 24 of the 43 AV engines did detect the trojan at Virus Total.
Virus Total permalink and SHA256: 40bbaa3e93e50dbdc2b615ae383c3c36c0ab358c311a39efaf6c1246b71ef903.