MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “CITY OF PORT Arthur – STORM SEWER Project”.
This email is sent from various spoofed email addresses and has the following body:
Please see attachment for contract. Please sign and return.
Fred Stepp – Office Manager
McInnis Construction, Inc.,
675 South 4th Street
Silsbee, Texas 77656
The attached file WOM8zLph4X8W.zip contains the 35 kB file contract_erwer2rdfvcsdva_erwr.exe.
The trojan is known as Kryptik.CLASS.
At the time of writing, 1 of the 55 AV engines at Virus Total detected the trojan.
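With signature coverage this low, a structural check at the mail gateway is more dependable: flag any ZIP attachment that carries an executable, as in this campaign. The following is an added example, not MX Lab's code; the function names, the extension list and the constructed sample message (harmless placeholder bytes under the file names from this page) are assumptions.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as directly executable on Windows.
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


def executable_members(zip_bytes):
    """Return names of archive members that have an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return []  # not a readable ZIP; leave it to other filters
    return [n for n in names if os.path.splitext(n)[1].lower() in EXEC_EXT]


def scan_message(raw):
    """Return (attachment name, executable members) per ZIP attachment with hits."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Check the magic bytes too, so a renamed archive is still inspected.
        if name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            found = executable_members(data)
            if found:
                hits.append((name, found))
    return hits


def build_sample():
    """Constructed sample message; the .exe member holds placeholder text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("contract_erwer2rdfvcsdva_erwr.exe", b"placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "CITY OF PORT Arthur - STORM SEWER Project"
    msg.set_content("Please see attachment for contract. Please sign and return.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="WOM8zLph4X8W.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The check does not depend on the attachment name or sender, both of which vary in campaigns like this one.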