MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “fax aus “+49 (0) 30 xxx xxx xx” – xx seiten” (where x stands for a digit).
This email is sent from different spoofed addresses that start with “fax@” and has the following body:
Faxnachricht [Caller-ID: +49 (0) 30 882 470 67]
Datum: 2014-04-28 12:58:48 UTC.
The attached ZIP file has the name fax_CF6922BF1222EE9078B5.zip and contains the 60 kB large file fax_1C33357D754884420273.exe.
The trojan is known as Backdoor.Bot, Malware.QVM03.Gen, a variant of Win32/Injector.BCTG, Virus.Win32.Heur.p or Win32:Malware-gen.
At the time of writing, 5 of the 51 AV engines detected the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.
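
With so few engines detecting the file, a mail-gateway check on the message traits described above can help. The following is an added example, not MX Lab's code: the regular expressions are generalised from the single sample in this post (an assumption), and `check_message` and `build_sample` are hypothetical names. The sample message is constructed and its archive member is plain text.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns generalised from the single sample described above (assumption).
SUBJECT_RE = re.compile(r'fax aus\s*["“”]?\+49 \(0\) 30(?: \d+)+["“”]?\s*[-–]\s*\d+\s*seiten', re.I)
ZIP_NAME_RE = re.compile(r"^fax_[0-9A-F]+\.zip$", re.I)

def check_message(raw: bytes) -> list:
    """Return the list of campaign traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        hits.append("subject")
    local_part = parseaddr(str(msg.get("From", "")))[1].partition("@")[0]
    if local_part.lower() == "fax":
        hits.append("sender")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if ZIP_NAME_RE.match(name):
            hits.append("zip-name")
        try:
            # List member names only; nothing is extracted or executed.
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                if any(n.lower().endswith(".exe") for n in zf.namelist()):
                    hits.append("exe-in-zip")
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")
    return hits

def build_sample(sender="fax@example.com",
                 subject='fax aus "+49 (0) 30 000 000 00" - 3 seiten',
                 zip_name="fax_0000000000000000AAAA.zip",
                 member="fax_0000000000000000BBBB.exe") -> bytes:
    """Constructed test message; the archive member is plain text, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("Faxnachricht [Caller-ID: +49 (0) 30 000 000 00]")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return m.as_bytes()

if __name__ == "__main__":
    print(check_message(build_sample()))
```

An executable inside a ZIP attachment is the strongest of the four traits; the subject and sender patterns are easy for the sender to change between runs.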