MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Tiket alert”.
This email is send from the spoofed address “FBR service <firstname.lastname@example.org>” and has the following body:
Look at the link file for more information.
Assistant Vice President, FBR service
The downloaded file ticket8724_pdf contains the 28 kB large file ticket8724_pdf.
The trojan is known as Upatre.EP, Artemis!01077BEB9EEE, PE:Malware.FakePDF@CV!1.9E18 or Mal/Generic-S.
At the time of writing, 4 of the 56 AV engines did detect the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.