MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “invioce” and is sent from the spoofed address “European Commissions’s Office<email@example.com>” and has the following body:
Please open the attached file for your income tax invoice.From the EuropeanCommission’s office .This message is for all the European Union citizens.Note: European Union citizens Tax invoices are provided Once a year.please refer to your tax Confirmation email. Attachment: Tax Invoice.For Better Understanding.RegardsMr Jeff Black
The attached file is named invoice.exe and is approx. 170 kB large.
The trojan is known as a variant of Win32/Injector.PWG (NOD32), W32/Obfuscated.D!genr (Norman), Trojan.Win32.Generic.pak!cobra ( VIPRE).
At the time of writing, only 6 of the 42 AV engines did detect the trojan at Virus Total.
Virus Total permalink and SHA256: 327c5ee89bd87295870e1792ff4636af91631248859cb1b51c71211f2f0ba1b4.