MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Postal Notification Service”.
This email is sent from the spoofed address “”Fedex >” <email@example.com>” and has the following body:
Your parcel has arrived at December 12. Courier was unable to deliver the parcel to you.
To receive your parcel, print this label and go to the nearest office.
The embedded URL, in our sample hxxp://appimmobilier.com/notification.exe, downloads the 58 kB file notification.exe.
The trojan is known as Win32/TrojanDownloader.Wauchos.AF, UDS:DangerousObject.Multi.Generic or Win32.Trojan.Inject.Auto.
At the time of writing, 3 of the 56 AV engines at Virus Total detected the trojan.
Use the Virus Total permalink for more detailed information.
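With only 3 of 56 engines detecting the file, a mail-side check on the traits described above (the subject, a Fedex display name on an unrelated sender domain, and a link that points straight at an executable) is a useful complement to AV. The following triage sketch is an added example, not MX Lab code; the sample message, its domains, the extension list beyond .exe and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from urllib.parse import urlparse

# Subject taken from the advisory; ".scr" is an added assumption beyond ".exe".
CAMPAIGN_SUBJECT = "postal notification service"
EXECUTABLE_EXTENSIONS = (".exe", ".scr")
URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message (not the original email); domains are placeholders.
SAMPLE_EML = """\
From: "Fedex" <email@example.com>
To: user@example.org
Subject: Postal Notification Service
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Courier was unable to deliver the parcel to you.</p>
<p><a href="http://files.example.net/notification.exe">Print this label</a></p>
"""

def extract_urls(msg):
    """Return every http(s) or defanged hxxp(s) URL in the text parts."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            urls.extend(URL_RE.findall(part.get_content()))
    return urls

def triage(raw_message):
    """Return a list of findings; an empty list means nothing matched."""
    msg = message_from_string(raw_message, policy=default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    findings = []
    if CAMPAIGN_SUBJECT in str(msg.get("Subject", "")).lower():
        findings.append("subject matches campaign")
    # Brand in the display name, but mail not sent from the brand's domain.
    legit = domain == "fedex.com" or domain.endswith(".fedex.com")
    if "fedex" in display_name.lower() and not legit:
        findings.append("display name claims Fedex but sender domain is " + domain)
    for url in extract_urls(msg):
        # Re-fang hxxp only for parsing; the URL is never fetched.
        parsed = urlparse(re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE))
        if parsed.path.lower().endswith(EXECUTABLE_EXTENSIONS):
            findings.append("link downloads an executable from " + parsed.netloc)
    return findings
```

Calling `triage(SAMPLE_EML)` returns three findings, one per trait; a message that matches none of them returns an empty list.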