MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subjects:
RapidFAX: Inbound Fax
RapidFax: New Inbound Fax
The email is sent from the spoofed address “RapidFax Alert” and has the following body:
The attached ZIP file has the name rapidfax-E4C935577EDD.zip and contains the 117 kB file RapidFAX_MCID_000_LOTS_OF_NUMBERS__13341.pdf.exe.
The trojan is known as UDS:DangerousObject.Multi.Generic or Trojan.Lameshield.
At the time of writing, only 2 of the 46 AV engines detected the trojan at VirusTotal.
VirusTotal permalink and SHA256: 67e706acd75e84d5ed4590baf15161281dce174a897512f2216e2330353e7001.
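With only 2 of 46 engines detecting the sample, a name-based check on the attachment is a useful complement to AV scanning. The following Python sketch is an added example, not MX Lab code: it flags ZIP members whose real extension is executable but is preceded by a document-style decoy extension, as in the .pdf.exe file above. The extension lists and function names are assumptions, and the sample archive is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them to your mail gateway policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def deceptive_members(zip_bytes):
    """Return names of ZIP members ending in <decoy ext><executable ext>."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits  # not a readable ZIP; route to other handling
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing spaces and dots, so normalise before parsing.
            name = info.filename.replace("\\", "/").rstrip(" .")
            suffixes = [s.strip().lower() for s in PurePosixPath(name).suffixes]
            if (len(suffixes) >= 2
                    and suffixes[-1] in EXECUTABLE_EXTS
                    and suffixes[-2] in DECOY_EXTS):
                hits.append(info.filename)
    return hits


def build_sample():
    """Constructed sample: placeholder content, member name taken from the advisory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("RapidFAX_MCID_000_LOTS_OF_NUMBERS__13341.pdf.exe", b"placeholder")
        z.writestr("cover_page.pdf", b"placeholder")  # benign-looking member
        z.writestr("tools/setup.exe", b"placeholder")  # single extension, not deceptive
    return buf.getvalue()


if __name__ == "__main__":
    for member in deceptive_members(build_sample()):
        print("deceptive double extension:", member)
```

The check looks only at member names, so it does not depend on signature coverage; encrypted ZIPs still expose their member names unless the archive is nested.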