MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Annual report”.
This email is send from the spoofed address “olivia <email@example.com>” and has the following body:
Annual report sent to you, maybe yours.
Algyr le parc
119 BL de la Bataille de Stalingrad
The attached file Annual report contains the 35 kB large file Luk22.exe.
The trojan is known as BehavesLike.Win32.Downloader.nh, Mal/Dyreza-J or TROJ_UPATRE.SMNF1.
At the time of writing, 4 of the 55 AV engines did detect the trojan at Virus Total.