MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Balance sheet”.
This email is send from the spoofed address and has the following short body:
Please save the attached file to your hard drive before deleting this message. Thank you.
The attached ZIP file has the name Balance_sheet_pdf.zip and contains the XXX kB large file Balance_sheet_pdf.scr.
The trojan is known as Trojan.Ranapama.AU, W32/Trojan.APUP-2842, W32/Trojan3.INJ, HEUR/Malware.QVM20.Gen or Trojan.Cryptodefense.
At the time of writing, 12 of the 51 AV engines did detect the trojan at Virus Total.