MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Thank you for your generous donation! Charity Trends .”.
This email is sent from the spoofed address and has the following body:
Thank you for your generous donation of 2623 GBP, which we received today.
Your generosity will make an immediate difference in the lives of many people who need your help. The funds raised will go toward them.
You will find all information about your donation in zip archive.You are making a difference!
Thanks again for your kindness,
Elsa Nash .
We’re happy to help you with any questions or concerns you may have. Please contact us directly 24/7 via hxxp://www.charitytrends.org/ContactUs.aspx
The attached ZIP file has the name DON_9683272_90.zip and contains the folder DON_4356984_08_14_14. Inside this folder is the 102 kB file DON_4356_45984_08_14_14.scr.
Please note that the subject line and attachment file names may change with each message.
The trojan is known as Trojan/Win32.Zbot, Win32:Malware-gen, HEUR/Malware.QVM20.Gen or Mal/Generic-S.
At the time of writing, 4 of the 54 AV engines detected the trojan at VirusTotal.
Use the VirusTotal permalink for more detailed information.
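Because the subject line and file names change with each message, a mail-gateway check can key on the attachment's structure instead: a ZIP whose members, at any folder depth, end in an executable extension such as .scr. The following is an added example, not MX Lab code; the extension list, function names and the harmless sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs as programs; a .scr (screensaver) is an ordinary PE executable.
# This list is an assumption for the example, not taken from the advisory.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".cpl", ".bat", ".cmd", ".js", ".vbs"}

def risky_zip_members(zip_bytes):
    """Return archive member paths whose final extension is executable."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # treat corrupt archives as suspicious
    hits = []
    for name in names:
        # Strip folders, then trailing dots/spaces that Windows ignores on open.
        base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
        ext = "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""
        if ext in EXECUTABLE_EXTS:
            hits.append(name)
    return hits

def scan_message(raw_bytes):
    """Map each ZIP attachment name to the executable members found in it."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Decide by content (ZIP magic bytes), since file names vary per message.
        if payload[:4] == b"PK\x03\x04":
            hits = risky_zip_members(payload)
            if hits:
                findings[fname] = hits
    return findings

def build_sample():
    """Constructed sample: same layout as the advisory, harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DON_4356984_08_14_14/DON_4356_45984_08_14_14.scr", b"placeholder")
        zf.writestr("DON_4356984_08_14_14/readme.txt", b"constructed")
    msg = EmailMessage()
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="DON_9683272_90.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the .scr member under its folder path and ignores the text file.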