MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Oder invoice 9156230_08.xls”.
This email is sent from a spoofed address and has the following body:
Please find attached invoice #9156230_08 from 13/08/2014.
Reyes Mcdaniel .
We’re happy to help you with any questions or concerns you may have. Please contact us directly 24/7 via hxxp://www.charitytrends.org/ContactUs.aspx
The attached ZIP file is named 9156230_08.zip and contains the folder Inv_3145835_453_979154.xls. This folder holds the 131 kB file Inv_3145835_453_979154.xls.scr.
Please note that the subject line and attachment file names may change with each message.
The trojan is known as Backdoor.Bot.ED.
At the time of writing, 1 of the 53 AV engines at VirusTotal detected the trojan.
Use the VirusTotal permalink for more detailed information.
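The attachment layout described above (a folder and a file that both carry an .xls name, while the real file type is .scr, a Windows screensaver executable) can be flagged by structure rather than by file name, which matters because the names change with each message. The Python sketch below is an added example, not code from MX Lab; the extension lists, the function names and the constructed sample ZIP are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for this example; tune them to your own mail policy.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".txt", ".jpg"}


def suspicious_members(zip_bytes):
    """Map each executable member of a ZIP attachment to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            suffixes = [s.lower() for s in path.suffixes]
            if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
                continue
            reasons = ["executable file type " + suffixes[-1]]
            # A document extension directly before the executable one is a disguise.
            if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
                reasons.append("double extension " + "".join(suffixes[-2:]))
            # This campaign also names the enclosing folder like a spreadsheet.
            if any(PurePosixPath(p).suffix.lower() in DECOY_EXTS for p in path.parts[:-1]):
                reasons.append("parent folder named like a document")
            findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample with the layout described in the post; harmless bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Inv_3145835_453_979154.xls/", b"")
        archive.writestr(
            "Inv_3145835_453_979154.xls/Inv_3145835_453_979154.xls.scr",
            b"not a real binary",
        )
        archive.writestr("readme.txt", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample_zip()).items():
        print(name, "->", "; ".join(reasons))
```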