MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “inovice_AUG_9693495.pdf”.
This email is send from the spoofed addresses and has the following short body:
This email contains an invoice file attachment
Attached is a 16 kB what appears to be a blank PDF file with the file name inovice_AUG_9693495.pdf but in fact contains a potential risk when opened.
Note that the numbers in the subject and filenames vary.
The threath is known as Exploit/CVE-2013-2729, HEUR:Exploit.PDF.Generic, Artemis!89839FA52903 or NORMAL:Hack.Exploit.MalPDF.a!1609222.
At the time of writing, 6 of the 50 AV engines did detect the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.