MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Invoice 642555”.
This email is send from the spoofed address “firstname.lastname@example.org” and has the following body:
Please find attached your Invoice(s)/Credit(s)
PETER HOGARTH & SONS LTD
INDUSTRIAL HYGIENE and PROTECTION
Tel: 01472 345726 | Fax: 01472 250272 | Web: http://www.peterhogarth.co.uk
Estate Road No. 5, South Humberside Industrial Estate, Grimsby, North East Lincolnshire, DN31 2UR
Peter Hogarth & Sons Ltd is a company registered in England.
Company Registration Number: 1143352
Registered Office Address: 33 Peaks Lane, New Waltham, Grimsby, North East Lincolnshire, DN36 4LZ
The attached ZIP file has the name Attachment.arj and contains the 271 kB large file Invoice 77261990001.PDF.exe.
The trojan is known as Troj/Zbot-IYF, TR/Crypt.ZPACK.95285, Win32.Troj.Undef.(kcloud), BehavesLike.Win32.ZeroAccess.dc, HEUR/QVM07.1.Malware.Gen,
At the time of writing, 10 of the 51 AV engines did detect the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.