MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Order: PO/M15-0023”.
This email is sent from the spoofed address "Veneta Services Ltd." <email@example.com> and has the following body:
We have requirements for the attached items, kindly quote.
We are looking for your earliest quotation. Please send your offer soon.
M. Paschal Picolo
Veneta Services Ltd.
Via Mestrina, 64
30172 Mestre -VE-
Hours Monday through Friday:
9:00 to 12:30
15:00 to 19:00
9:30 to 12:00
The attached file Order#PO-M15-0023881221-pdf.zip contains the 205 kB file Order#PO-M15-0023881221-pdf.exe.
The trojan is known as Suspicious.Cloud.5.
At the time of writing, 1 of the 57 AV engines detected the trojan at VirusTotal.
See VirusTotal for more detailed information.
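
The attachment described above is a ZIP whose member is an executable carrying a document-style name ("-pdf.exe"), which a mail gateway can flag structurally even when signature detection is low. The following is an added example, not MX Lab's code: the function names, the extension list and the in-memory sample archive are constructed for illustration.

```python
import io
import os
import re
import zipfile

# Extensions Windows executes directly (illustrative list, not exhaustive).
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document token used as a decoy right before the real extension, e.g. "-pdf.exe".
DECOY = re.compile(r"[-_. ](pdf|docx?|xlsx?|jpe?g|png|txt)\.[a-z0-9]+$", re.I)


def scan_zip_attachment(data):
    """Return one finding per archive member that is executable or PE-formatted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            encrypted = bool(info.flag_bits & 0x1)  # content unreadable without password
            is_pe = False
            if not encrypted:
                with zf.open(info) as member:
                    is_pe = member.read(2) == b"MZ"  # DOS/PE header magic
            reasons = []
            if ext in EXEC_EXT:
                reasons.append("executable-extension")
            if is_pe:
                reasons.append("pe-header")
            if (ext in EXEC_EXT or is_pe) and DECOY.search(info.filename):
                reasons.append("document-decoy-name")
            if reasons:
                findings.append({"member": info.filename, "size": info.file_size,
                                 "reasons": reasons})
    return findings


def build_sample():
    """Constructed sample: harmless bytes with an MZ prefix, named like the attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Order#PO-M15-0023881221-pdf.exe", b"MZ" + b"\x00" * 64)
        zf.writestr("quote-request.pdf", b"%PDF-1.4\n")   # benign member, not flagged
        zf.writestr("invoice.pdf", b"MZ" + b"\x00" * 64)  # PE content under a document name
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_attachment(build_sample()):
        print(finding)
```

Checking the member's first bytes as well as its extension catches an executable that has simply been renamed to a document extension.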