MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Remittance Advice for 245.58 GBP” (amount and filename of attachment may vary).
This email is send from the spoofed addresses and has the following body:
Please find attached a remittance advice for recent BACS payment.
Any queries please contact us.
Senior Accounts Payable Specialist
K J Watking & Co
The attached file is named BAC_6978393S.xls. This XLS, when opened, gives us the warning that it will use macros and the XLS has three empty tabs with Russian or cyrilic characters.
At the time of writing, 0 of the 51 AV engines did detect the trojan at Virus Total.