“Don’t forget about meeting tomorrow” mail leads to Trojan attack

MX Lab intercepted a new trojan distribution campaign by email with the subject “Don’t forget about meeting tomorrow”.

The email is sent from the spoofed address “LinkedIn <welcome@linkedin.com>” or “Files Tube <filestube@filestube.com>” and has the following body:
Don’t forget this report for meeitng tomorrow.
See attached file.

The mail has a zip file attachment, "Report.zip". It contains an 83 kB file, Report_ALK_CON-39892-45.exe.

The trojan is known as W32/Trojan3.DUC, HEUR:Trojan.Win32.Generic, W32/Kryptik.AB!tr, W32.Cridex.

At the time of writing, only 19 of the 42 AV engines detected the trojan at VirusTotal.

The same malware campaign has been intercepted by Sophos researchers.

"Interestingly, the spelling of the email's message body can vary - presumably this was done in an attempt to avoid rudimentary email filters which might attempt to block messages," Sophos researchers said.

As always, users are advised to think twice before opening attachments and following links contained in unsolicited emails.