MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your eBay Invoice is Ready”.
This email is send from the spoofed address “eBay <firstname.lastname@example.org>” and has the following body:
PLEASE DO NOT RESPOND – Emails to this address are not monitored or responded to.
Please open the attached file to view invoice.
If the attachment is in PDF format you may need Adobe Acrobat Reader to read or download this attachment. If you require Adobe Acrobat Reader this is available at no cost from the Adobe Website http://www.adobe.com
This email has been scanned by the Symantec Email Security.cloud service.
This email and any attachment are intended solely for the addressee, are strictly confidential and may be legally privileged. If you are not the intended recipient any reading, dissemination, copying or any other use or reliance is prohibited. If you have received this email in error please notify the sender immediately by email and then permanently delete the email.
The attached file ebay_591278156712819_291015.exe contains the 40 kB large file ebay_591278156712819_291015.zip.
The trojan is known as Trojan.A1832C543, Upatre-FAED!65BE13F85A27, TROJ_UPATRE.YYSPW or W32/Monlin.6773!tr.
At the time of writing, 6 of the 56 AV engines did detect the trojan at Virus Total.
Use the Virus Total for more detailed information.