Trojan Troj/Zbot-IYF present in fake email with invoice from Peter Hogarth & Sons LTD


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Invoice 642555”.

This email is sent from the spoofed address “john.williamson@peterhogarth.co.uk” and has the following body:

Please find attached your Invoice(s)/Credit(s)

PETER HOGARTH & SONS LTD

INDUSTRIAL HYGIENE and PROTECTION

Tel: 01472 345726 | Fax: 01472 250272 | Web: http://www.peterhogarth.co.uk

Estate Road No. 5, South Humberside Industrial Estate, Grimsby, North East Lincolnshire, DN31 2UR

Peter Hogarth & Sons Ltd is a company registered in England.
Company Registration Number: 1143352
Registered Office Address: 33 Peaks Lane, New Waltham, Grimsby, North East Lincolnshire, DN36 4LZ

The attached ZIP file is named Attachment.arj and contains the 271 kB file Invoice 77261990001.PDF.exe.
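A mail-gateway style check for the two traits described above, an archive whose name does not match its content type and a member with a document-then-executable double extension. This is an added example, not MX Lab's code. The function names and extension lists are assumptions, the sample is a constructed ZIP holding a harmless placeholder, and it takes the description literally (ZIP content under an .arj name).

```python
import io
import zipfile
from pathlib import PurePosixPath

# Magic bytes for the two container formats named on this page (assumed scope).
MAGIC = {b"PK\x03\x04": "zip", b"\x60\xea": "arj"}
# Illustrative extension lists; tune them to local policy.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def sniff_container(data: bytes):
    """Return the container type implied by the leading bytes, or None."""
    return next((kind for magic, kind in MAGIC.items() if data.startswith(magic)), None)


def has_decoy_double_extension(name: str) -> bool:
    """True for names like 'Invoice.PDF.exe': document suffix, then executable."""
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXT and suffixes[-2] in DECOY_EXT


def inspect_attachment(filename: str, data: bytes) -> list:
    """Return a list of findings for one mail attachment."""
    findings = []
    kind = sniff_container(data)
    claimed = PurePosixPath(filename).suffix.lower().lstrip(".")
    if kind and claimed != kind:
        findings.append(f"extension mismatch: named .{claimed}, content is {kind}")
    if kind == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                if has_decoy_double_extension(member):
                    findings.append(f"decoy double extension: {member}")
    return findings


def build_sample() -> bytes:
    """Constructed sample: a ZIP with a harmless placeholder under the page's file name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice 77261990001.PDF.exe", b"placeholder, not an executable")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_attachment("Attachment.arj", build_sample()):
        print(finding)
```

Members of a genuine ARJ container are not enumerated here, since the Python standard library has no ARJ reader; only the name/content mismatch is reported in that case.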

The trojan is known as Troj/Zbot-IYF, TR/Crypt.ZPACK.95285, Win32.Troj.Undef.(kcloud), BehavesLike.Win32.ZeroAccess.dc and HEUR/QVM07.1.Malware.Gen.

At the time of writing, 10 of the 51 AV engines detected the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: b8e1d899c472e9f288e27d4a31a87586c2158cc932eb19e238e27f0284005b55