MX Lab, http://www.mxlab.eu, started to intercept a new trojan variant distribution campaign by email with the subject “My new photo ;)”.
This email is send from the spoofed addresses and has the following short body in very poor English:
my new photo 😉
if you like my photo to send me u photo
The attached ZIP file has the name photo.zip, once extracted a folder photo is available with that contains the 127 kB large file photo.exe.
The trojan is known as a variant of Win32/Injector.BKLN, W32/Trojan.VXSW-3691, Spyware.Zbot.ED, Dropper-FLV!45F22B6FFADD, BehavesLike.Win32.Rontokbro.cm or Trojan.Win32.Agent (A).
At the time of writing, 6 of the 52 AV engines did detect the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.