MX Lab, http://www.mxlab.eu, started to intercept a new email campaign distributing a new trojan variant, with the subject “my new photo ;)”.
This type of campaign has been running for some time now (see other blog articles from the 26th September, 16th September, 5th September and 22nd August 2014) and still appears in the wild with a very low detection rate by antivirus engines.
The email is sent from spoofed email addresses and has the following short body:
my new photo 😉
The attached ZIP file is named photo.zip. Once extracted, a folder named photo is available that contains the 57 kB file photo.exe.
The trojan is known as a variant of HEUR/QVM03.0.Malware.Gen or Win32:Malware-gen.
At the time of writing, 2 of the 53 AV engines detected the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.