MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “HMRC Employer Alerts & Verification”.
This email is send from the spoofed address “HMRC <email@example.com>” and has the following body:
Thank you for your registration details which have been recorded for email alerts purposes only.
We expect to send you three email alerts a year – February, May and December.
These will give you the links to the latest Employer Bulletin and HMRC PAYE Tools (previously the Employer CD-ROM).
Please complete all relevant sections of the attached application form and attach the appropriate documents to confirm your identity.
** Do not reply to this email as this mailbox is unmonitored for incoming mail.
The attached ZIP file has the name HMRC_35F218F904.zip and contains the 95 kB large file HMRC Employer Alerts & Verification_00FF8024957__randon_numbers__5324.pdf.
The trojan is known as
At the time of writing, 5 of the 49 AV engines did detect the trojan at Virus Total.