MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject like:
This email is send from spoofed address and has the following very short body:
I will send final part also
The attached file 9ZENF7xtLTtz.zip contains the 48 kB large file part_DGStyutyuertQ34G_xpdf.exe. The combinations in the filenames will vary with each email.
The trojan is known as Trojan/Win32.Upatre, W32/Upatre.E3.gen!Eldorado, TR/Crypt.ZPACK.Gen or Downloader.Upatre!gen9.
At the time of writing, 9 of the 57 AV engines did detect the trojan at Virus Total.