MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Order Details”.
This email is sent from the spoofed address “Amazon.co.uk” and has the following body:
Thank you for your order. Well let you know once your item(s) have dispatched. You can view the status of your order or make changes to it by visiting Your Orders on Amazon.co.uk.
Order R:131216 Placed on October 09, 2014
Order details and invoice in attached file.
Need to make changes to your order? Visit our Help page for more information and video guides.
We hope to see you again soon. Amazon.co.uk
The 532 kB malicious file is not present in a ZIP file but attached directly and has the name order_report_72364872364872364872364872368.exe (numbers may vary).
The trojan is known as Trojan.MSIL.BVXGen, BehavesLike.Win32.Dropper.qh or Win32.Trojan.Inject.Auto.
At the time of writing, 3 of the 53 AV engines detected the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.
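With so few engines detecting the sample, a mail gateway can instead flag the message by the traits described above: the subject “Order Details” and a directly attached executable named order_report_<digits>.exe. The following Python check is an added example, not MX Lab's code; the extension list, the placeholder addresses and the constructed sample message are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Filename pattern from the advisory: order_report_<digits>.exe (numbers vary).
NAME_RE = re.compile(r"^order_report_\d+\.exe$", re.IGNORECASE)
# Assumed list of extensions a gateway would treat as executable.
EXEC_EXT = (".exe", ".scr", ".pif", ".com")


def scan_message(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message matches this campaign."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if (msg["Subject"] or "").strip().lower() == "order details":
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if NAME_RE.match(name):
            reasons.append("campaign-filename")
        # Judge by content as well as by name: PE files start with "MZ",
        # so a renamed executable is still caught.
        if name.lower().endswith(EXEC_EXT) or data[:2] == b"MZ":
            reasons.append("executable-attachment")
    return reasons


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; both addresses are placeholders."""
    m = EmailMessage()
    m["From"] = "Amazon.co.uk <sender@example.invalid>"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Order Details"
    m.set_content("Order details and invoice in attached file.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    # Harmless constructed payload: the two-byte MZ magic plus padding.
    raw = build_sample("order_report_72364872364872364872364872368.exe",
                       b"MZ" + b"\x00" * 62)
    print(scan_message(raw))
```

The subject alone is a weak signal, so a gateway would quarantine on the attachment reasons and use the subject only to attribute the message to this campaign.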