MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Fax to”.
This email is sent from a spoofed address and has the following body:
Fax ID: 1500566473
User ID: 429286424
The attached file fax-1500566473_429286424.zip contains the 148 kB file Document_invoice.exe.
The trojan is known as Downloader-FAVN!A43A201F788E, Trj/Genetic.gen, PE:Malware.Obscure!1.9C59 or Win32.Trojan.Fakedoc.Auto.
At the time of writing, 4 of the 57 AV engines detected the trojan at Virus Total.
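With so few engines detecting the sample, a structural check at the mail gateway is a useful complement. The following is an added example, not MX Lab's code: it flags any attachment that parses as a ZIP and contains a Windows executable (by extension or `MZ` header), and notes when the attachment name repeats the Fax ID and User ID from the body. The function names, the extension list and the sample message (with a harmless stub in place of the real file) are assumptions constructed for illustration.

```python
import io, re, zipfile
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumed extension list
FAX_ZIP = re.compile(r"^fax-(\d+)_(\d+)\.zip$", re.I)  # fax-<Fax ID>_<User ID>.zip, as on this page

def executable_members(zip_bytes):
    """Return archive members that look like Windows executables (extension or MZ magic)."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                by_ext = info.filename.lower().endswith(EXEC_EXT)
                try:
                    with zf.open(info) as fh:
                        by_magic = fh.read(2) == b"MZ"
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    by_magic = False  # encrypted or unsupported member: extension only
                if by_ext or by_magic:
                    hits.append(info.filename)
    except zipfile.BadZipFile:
        pass  # attachment is not a readable ZIP; nothing to report
    return hits

def inspect_message(msg):
    """Flag attachments carrying executables; note when the name echoes IDs in the body."""
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        exes = executable_members(part.get_payload(decode=True) or b"")
        m = FAX_ZIP.match(name)
        if exes:
            findings.append({"attachment": name, "executables": exes,
                             "fax_lure": bool(m) and all(i in body for i in m.groups())})
    return findings

def build_sample():
    """Constructed message mirroring the page; the .exe is a zero-filled stub, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Document_invoice.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["Subject"] = "Fax to"
    msg.set_content("Fax ID: 1500566473\nUser ID: 429286424\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="fax-1500566473_429286424.zip")
    return msg
```

Because the check reads the first two bytes of each member, an executable renamed to a document extension inside the archive is still reported.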