MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Don’t forget about meeting tomorrow”.
The email is sent from the spoofed address “LinkedIn <email@example.com>” or “Files Tube <firstname.lastname@example.org>” and has the following body:
Don’t forget this report for meeitng tomorrow.
See attached file.
The attached ZIP file is named Report.zip and contains the 83 kB file Report_ALK_CON-39892-45.exe.
The trojan is known as W32/Trojan3.DUC, HEUR:Trojan.Win32.Generic, W32/Kryptik.AB!tr, W32.Cridex.
At the time of writing, only 8 of the 42 AV engines at Virus Total detected the trojan.
Virus Total permalink and SHA256: b91d0d02f21bf156d6825c32bfcdb918e729bf61b37dee65ead51793a2c21e56.