A spammed email is making the rounds with the subject line “Your internet access is going to get suspended” from the “ICS Monitoring Team”. Some ThreatFire users started seeing it and were protected from the executable late last night.
Have you been paying your bills? Sure you have. Have you been performing any illegal online activity? I hope not.
Anyways, the zipped attachment includes a nasty piece of spyware sometimes named “user-ea49943x-activities.exe” that ThreatFire prevents as “Spyware.Goldun”. Do not test your software with it, delete the message and the attachment along with it.
Update: The guys at mxlab included some technical details on their post last night.