MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Invoice #: 43-32056-1, Auction : SHOPPER’S”.
This email is send from the spoofed address”email@example.com” and has the following body:
Grafe Auction Company
Invoice #: 43-32056-1
The attached file Invoice.zip contains the 28 kB large file Invoice.exe.
The trojan is known as W32/Upatre.E2.gen!Eldorado, W32/Upatre.E2.gen!Eldorado, Upatre-FAAR!E917CEC9A933, Artemis!Trojan, Trojan.Agent/Gen-Downloader or Win32.Trojan.Downloader-pdf.Auto.
At the time of writing, 14 of the 57 AV engines did detect the trojan at Virus Total.