MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Ship Notification”.
This email is sent from the spoofed address “USPS.com” and has the following body:
Our courier couldnt make the delivery of parcel to you at June 17 2014.
Print label and show it in the nearest post office.
Download attach . Print a Shipping Label NOW
USPS | Copyright 2014 USPS. All Rights Reserved.
Screenshot of the email:
The attached ZIP file is named notification.zip and contains the 67 kB file Notification_72384792387498237989237498237498.exe.
The trojan is known as Win32:Malware-gen, HW32.CDB.C647, W32/Trojan.BIFV-0857, W32/Trojan3.JCT or Trojan-Spy.Agent.
At the time of writing, 5 of the 54 AV engines detected the trojan on VirusTotal.
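A mail-gateway style check for the indicators described above, as an added example (not MX Lab's code). It parses a raw message, opens ZIP attachments in memory and reports which campaign traits match. The function names, the digit-run filename pattern and the extension list are assumptions made for this illustration, and the sample message is constructed with an inert payload.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the advisory text.
SUBJECT = "ship notification"
ZIP_NAME = "notification.zip"
# Assumption: the long digit run differs per sample, so match its shape only.
EXE_RE = re.compile(r"^Notification_\d+\.exe$", re.IGNORECASE)
# Assumption: other directly executable extensions worth flagging inside a ZIP.
EXEC_EXT = (".exe", ".scr", ".pif", ".com")

def scan_message(raw: bytes) -> list[str]:
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT in (msg["Subject"] or "").lower():
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == ZIP_NAME:
            hits.append("zip-name")
        if not name.endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")  # cannot inspect: treat as suspicious
            continue
        for member in members:
            base = member.rsplit("/", 1)[-1]
            if EXE_RE.match(base):
                hits.append("exe-name")
            elif base.lower().endswith(EXEC_EXT):
                hits.append("executable-in-zip")
    return hits

def build_sample(subject: str, member: str, zip_name: str = ZIP_NAME) -> bytes:
    """Constructed test message; the archive member holds inert text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, b"inert placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.invalid", "rcpt@example.invalid"
    msg["Subject"] = subject
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Member names stay readable in password-protected archives, so the name checks still apply there; only the content would need a separate policy.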