MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Postal Notification Service”.
This email is sent from the spoofed address “FedEx <firstname.lastname@example.org>” and has the following body:
You parcel arrived, read the account in the attachment.
Submit time: Tue, 17 Feb 2015 11:23:13 +0000
Screenshot of the email:
The attached file invoice.zip contains the 25 kB file invoice.exe.
The trojan is known as UDS:DangerousObject.Multi.Generic, HEUR/QVM20.1.Malware.Gen or Upatre.FH.
At the time of writing, 3 of the 57 AV engines at VirusTotal detected the trojan.
See the VirusTotal or Malwr reports for more detailed information.
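With only 3 of 57 engines detecting the file, a structural check at the mail gateway is more reliable than signatures. The following is an added example, not MX Lab's code: it flags messages with the subject above and any zip attachment that holds an executable. The function names and the extension list are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as executable content; this list is an assumption, tune it locally.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")
SUBJECT = "Postal Notification Service"  # subject reported on this page


def scan_message(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches the campaign traits."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if SUBJECT.lower() in str(msg.get("Subject", "")).lower():
        findings.append("subject matches campaign")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            # An archive the gateway cannot open should be reviewed, not passed.
            findings.append(f"{name}: unreadable archive")
            continue
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXT):
                findings.append(f"{name}: contains executable {member}")
    return findings


def build_sample() -> bytes:
    """Constructed test message: placeholder bytes stand in for the real binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.exe", b"placeholder, not a real executable")
    msg = EmailMessage()
    msg["From"] = "FedEx <firstname.lastname@example.org>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Postal Notification Service"
    msg.set_content("You parcel arrived, read the account in the attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

The attachment check does not depend on the subject line, so it still fires when the campaign changes its wording but keeps the zip-wrapped executable.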