MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Invoice 733351”.
This email is sent from the spoofed address “firstname.lastname@example.org” and has the following body:
Please can you let me have a payment date for the attached Invoice?
(Main) 01884 242626 (Direct Dial) 01884 250764
Please consider the environment before printing
Broad Oak Toiletries Ltd, Tiverton, Tiverton Way, Tiverton Business Park, Tiverton, Devon, EX16 6TG
Registered No. 1971053 England & Wales
Telephone: +44 (0) 1884 242626
Facsimile: +44 (0) 1884 242602
The attached ZIP file is named Invoice 9921312.zip and contains the 106 kB folder Invoice 9921312, which holds the file Invoice 9921312(copy1).exe.
Note that the reference number in the subject and filenames changes with each email.
The trojan is known as HW32.Paked.C563, Fareit.HG, HEUR/Malware.QVM07.Gen, Troj/Zbot-IWZ.
At the time of writing, 5 of the 54 AV engines detected the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.
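
An added example, not part of the original MX Lab post: a Python check for the pattern described above (a subject of "Invoice" plus a changing number, and a ZIP attachment holding an executable). The function names and the extension list are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SUBJECT_RE = re.compile(r"^Invoice \d+$")     # the reference number changes per email
EXEC_EXT = (".exe", ".scr", ".pif", ".com")   # assumption: extensions treated as executable

def inspect_message(raw: bytes) -> dict:
    """Return the campaign indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {"subject_match": bool(SUBJECT_RE.match(msg.get("Subject", "").strip())),
            "executables": [], "unreadable": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            # Member names are listed without extracting anything to disk.
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXEC_EXT):
                        hits["executables"].append((name, member))
        except zipfile.BadZipFile:
            hits["unreadable"].append(name)   # worth a manual look, not a verdict
    hits["suspicious"] = hits["subject_match"] and bool(hits["executables"])
    return hits

def build_sample(member_name: str) -> bytes:
    """Constructed test message; the archive member is placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "Invoice 733351"
    msg["From"] = "firstname.lastname@example.org"
    msg["To"] = "recipient@example.org"       # constructed recipient
    msg.set_content("Please can you let me have a payment date for the attached Invoice?")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Invoice 9921312.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample("Invoice 9921312/Invoice 9921312(copy1).exe")))
    print(inspect_message(build_sample("Invoice 9921312/Invoice 9921312.pdf")))
```

Because only 5 of 54 engines flagged the sample at the time of writing, a structural rule like this at the mail gateway catches the message independently of AV signatures.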