MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your transaction is completed”.
This email is send from the spoofed address “Barclays.NET” <email@example.com>” and has the following body:
Transaction is completed. 8678 GBP has been successfully transfered.
If the transaction was made by mistake please contact our customer service.
Payment receipt is attached.
*** This is an automatically generated email, please do not reply ***
Barclays.Net 2013 Corporation. All rights reserved.
The attached ZIP file has the name Payment receipt 1534465.zip and contains the 70 kB large file Payment receipt 8821991.exe (note: file name may vary with each email).
The trojan is known as Trojan.Ransom.ED or Mal/Generic-S.
At the time of writing, 2 of the 54 engines did detect the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.