As of this writing, we are getting a lot of samples of a malware that Trend Micro is going to detect as TROJ_DLOADER.GAF (pattern has already been created and is now on the testing phase). The malware is currently being spammed as an attachment, the filenames and md5 of these files are different. Some of the filenames are:
- doc.zip
- test.zip
- document.zip
- body.zip
- text.zip
- Update-KB
-x86.zip
- file.zip
- readme.zip
- data.zip
- message.zip
- test.txt.pif
- text.txt.pif
- file.zip
The extensions vary ranging from zip, exe, pif, and cmd. The filesize of these attachments also vary from 12,430-12,758 bytes. Upon extraction of the file it will drop an executable file imitating however a notepad icon. Please reconsider opening emails with attachments having these filenames or as of today at least, opening attachments with these extensions.