MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your document”, send from spoofed addresses and has the following ver short body:
To view your document, please open attachment.
The attached ZIP file has the name document_8608003.pdf.zip and contains the 196 kB large file c3.exe.
The trojan is known as Trojan-Spy.Zbot, W32/Risk.QSAW-8224, Luhe.Fiha.A or PE:Malware.FakePDF@CV!1.9C3A.
At the time of writing, 5 of the 54 AV engines did detect the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.