MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Invoice as requested”.
This email is sent from the spoofed address “UK GEOLOGY PROJECT by Rough & Tumble with Moussa Minerals <firstname.lastname@example.org>” and there is no body text in the email.
The attached file 20140918_122519.doc is a malicious Word file containing a macro that downloads the 73 kB file bin.exe from the following locations:
The trojan is known as TR/Crypt.ZPACK.Gen4 or Malware.QVM20.Gen.
At the time of writing, 2 of the 54 AV engines detected the trojan at VirusTotal.
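With only 2 of 54 engines detecting the file, a mail gateway can still flag the traits described above: the subject, the missing body text and a legacy Word attachment. The following triage check is an added example, not MX Lab's code; the rule that all three traits must coincide is an assumption, and the addresses and attachment bytes are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # signature of legacy .doc (OLE2) files
CAMPAIGN_SUBJECT = "invoice as requested"        # subject reported in this post

def triage(raw: bytes) -> dict:
    """Report which of the campaign traits described above a raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content().strip() if body is not None else ""
    ole_docs = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Check the file signature as well; an extension alone is easy to fake.
        if name.endswith(".doc") and data.startswith(OLE2_MAGIC):
            ole_docs.append(name)
    traits = {
        "subject_match": subject == CAMPAIGN_SUBJECT,
        "empty_body": body_text == "",
        "ole_doc_attachment": bool(ole_docs),
    }
    # Heuristic (assumption): hold the message only when all three traits coincide.
    traits["quarantine"] = all(traits.values())
    return traits

def build_sample(subject: str, body: str, filename: str, data: bytes) -> bytes:
    """Build a constructed test message; addresses are placeholders."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "recipient@example.org"
    m["Subject"] = subject
    if body:  # no text part at all models the empty body
        m.set_content(body)
    m.add_attachment(data, maintype="application", subtype="msword", filename=filename)
    return m.as_bytes()

# Constructed samples: the attachment bytes are a bare signature plus padding, not a real document.
CAMPAIGN_LIKE = build_sample("Invoice as requested", "", "20140918_122519.doc", OLE2_MAGIC + b"\x00" * 64)
BENIGN = build_sample("Invoice as requested", "Hi, the invoice is attached.", "invoice.doc", b"not an OLE2 file")

if __name__ == "__main__":
    for label, raw in (("campaign-like", CAMPAIGN_LIKE), ("benign", BENIGN)):
        print(label, triage(raw))
```

A message held this way still needs its attachment inspected for macros before release; the check only narrows what an analyst has to look at.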