NEWS FROM THE LAB - Monday, August 14, 2006
 
Rakningen.exe going around
Posted by Mikko @ 19:30 GMT

There's been a spam run of a new backdoor application that we now detect as Trojan-Spy.Win32.BZub.bs.

This was spammed in Swedish e-mail messages with an attachment called Räkningen.exe or Rakningen.exe - which means "Bill" in most Nordic languages.

The actual trojan is very similar to the ones we've seen before targeting German-speaking users (with "Rechnung.exe"). When run, the trojan drops a file named ipv6mons.dll, which monitors user activities.
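A mail-gateway check for the attachment names mentioned above, as an added example that is not part of the original post or any F-Secure code. It folds diacritics so that Räkningen.exe, Rakningen.exe and a mis-decoded "R�kningen.exe" all match; the function names, the extension set and the sample messages are assumptions constructed for illustration.

```python
import re
import unicodedata
from email import message_from_bytes, policy
from email.message import EmailMessage

# Lure names from the post; U+FFFD covers a mis-decoded "ä" in the filename.
LURE_STEM = re.compile(r"(r[a\ufffd]kningen|rechnung)")
EXECUTABLE_EXT = {".exe"}  # assumption: extend per local attachment policy


def fold(name):
    """Case-fold and strip diacritics so 'Räkningen' and 'Rakningen' compare equal."""
    decomposed = unicodedata.normalize("NFKD", name)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).casefold()


def is_lure_attachment(filename):
    """True for an executable attachment whose base name is one of the lure names."""
    stem, dot, ext = fold(filename.strip()).rpartition(".")
    return bool(dot) and "." + ext in EXECUTABLE_EXT and LURE_STEM.fullmatch(stem) is not None


def flagged_attachments(raw_message):
    """Return the decoded filenames of matching attachments in a raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()  # decodes RFC 2231 / RFC 2047 encoded names
        if name and is_lure_attachment(name):
            hits.append(name)
    return hits


def build_sample(filename):
    """Constructed test message carrying a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("constructed body")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for sample in ("R\u00e4kningen.exe", "Rakningen.exe", "Rechnung.exe", "invoice.pdf"):
        print(sample, "->", flagged_attachments(build_sample(sample)))
```
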