MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Fax #5678228” (the number changes with each email).
This email is sent from the spoofed address “”Fax.s” <firstname.lastname@example.org>” and has the following body:
Sent date: Tue, 21 Apr 2015 19:20:25 +0000
The attached file Fax#58899135.zip contains the 88 kB file Fax.exe.
The trojan is known as Adware.Win32.iBryte.DFXQ, Packed.Win32.FakeAV-Crypter.6!O, PE:Malware.Obscure!1.9C59 or Trojan.Win32.Qudamah.Gen.24.
At the time of writing, 7 of the 56 AV engines detected the trojan at VirusTotal.
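With detection this low at the time of writing, a mail-gateway check on the message structure described above is a useful complement to AV signatures. The following is an added example, not MX Lab's code: it flags the subject pattern, the Fax#<digits>.zip attachment name and an executable inside the archive. The function names, the reason labels and the extensions other than .exe are assumptions, and the sample message is constructed with placeholder bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SUBJECT_RE = re.compile(r"^Fax\s*#\d+", re.IGNORECASE)      # "Fax #5678228"
ZIP_NAME_RE = re.compile(r"^Fax#\d+\.zip$", re.IGNORECASE)   # "Fax#58899135.zip"
EXEC_EXT = (".exe", ".scr", ".com", ".pif")  # assumption: only .exe is on the page

def scan_message(raw: bytes) -> list[str]:
    """Return the reasons a message matches the fax lure, empty if none."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "") or ""):
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if ZIP_NAME_RE.match(name):
            reasons.append("zip-name")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()  # read names only, never extract
        except zipfile.BadZipFile:
            reasons.append("unreadable-zip")
            continue
        if any(m.lower().endswith(EXEC_EXT) for m in members):
            reasons.append("executable-in-zip")
    return reasons

def build_sample(subject: str, zip_name: str, member: str) -> bytes:
    """Constructed test message; the member holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a real executable")
    msg = EmailMessage()
    msg["From"] = '"Fax.s" <firstname.lastname@example.org>'
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Sent date: Tue, 21 Apr 2015 19:20:25 +0000")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("Fax #5678228", "Fax#58899135.zip", "Fax.exe")))
```

The executable-in-zip reason does not depend on the subject or attachment name, so it still fires when a later wave changes the lure text.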