MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Internet Fax Job”.
This email is sent from the spoofed address “Jos Van Elslande <JVE@notvanelslande.be>” and has the following very short body:
Image data has been attached.
The attached file fax34242.zip contains the 29 kB file fax34242.exe.
The trojan is known as Trojan.Email.FakeDoc or Win32.Trojan.Inject.Auto.
A new process teminstall.exe will be created in the system and the following connections on port 80 are established:
The following files are accessed:
At the time of writing, 2 of the 43 AV engines detected the trojan at VirusTotal.