MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your friend added a new photo with you to the album”.
The email is sent from the spoofed address “Facebook <firstname.lastname@example.org>” and has the following body:
The attached ZIP file has the name New-Photo-with-You_on_Facebook_PHOTOID13O8WHZL.zip and contains the 77 kB file New_Photo_with_You_on_Facebook.gif.exe.
The trojan is known as Spyware/Win32.Zbot, Trojan.Generic.KDV.739716, Trojan-Downloader.Win32.Andromeda.hr, Hack.Anti.Win32.XPACK.f, WS.Reputation.1, PAK_Generic.001, Win32.Hack.Anti.f.(kcloud).
At the time of writing, 16 of the 42 AV engines detected the trojan at Virus Total.
Virus Total permalink and SHA256: 31d09403725b774808c4e748b0ced6a6f3a9581cb68f0e2f43b7d3374fbbe579.
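
A mail-gateway style check for the naming trick used by this attachment, as an added example that is not part of the original post: it lists ZIP members whose name ends in a harmless-looking extension followed by an executable one. The extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed in memory with placeholder content.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists: extensions Windows will execute, and decoy extensions
# that make a file name look like an image or document.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".bmp", ".pdf", ".doc", ".docx", ".txt"}


def is_double_extension(name: str) -> bool:
    """True when a file name ends in <decoy extension><executable extension>."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    cleaned = name.replace("\\", "/").rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(cleaned).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Return the names of archive members with a deceptive double extension."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        return [info.filename for info in archive.infolist()
                if not info.is_dir() and is_double_extension(info.filename)]


def build_sample_zip(names: list[str]) -> bytes:
    """Constructed test input: an in-memory ZIP holding harmless placeholder bytes."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder, not malware")
    return buffer.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip([
        "New_Photo_with_You_on_Facebook.gif.exe",  # member name from this campaign
        "holiday.gif",                             # ordinary image name
        "setup.exe",                               # executable without a decoy extension
    ])
    for member in suspicious_members(sample):
        print("double extension:", member)
```

The check looks only at member names, so it complements rather than replaces content-based scanning of the attachment.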