MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Invoice”.
This email is send from the spoofed address “Essex Central Magazine <firstname.lastname@example.org>” and has the following body:
Please see attached invoice for the upcoming issue of Essex Central Magazine.
The attached file invoice.zip contains the 29 kB large file invoice_pdf.exe.
The trojan is known as Trojan.Upatre.Gen.1, Win32/TrojanDownloader.Waski.F, Trojan-Downloader.Win32.Upatre (A), Downloader.Upatre,
At the time of writing, 23 of the 57 AV engines did detect the trojan at Virus Total.
Use the Virus Total for more detailed information.