There's a spam run of a new Haxdoor variant - Haxdoor.KI - now detected as Backdoor.Win32.Haxdoor.ki.

We have reports of it being spammed in both Swedish and German language messages. The Swedish attachment is a zip file named Rakningen.zip. The German attachment is named Rechnung.zip.



The text of the message and the names of the attachments are the same as the spammed malware from last Tuesday. But the malware inside this message is completely different.

Here's a screenshot of Haxdoor.KI being detected by BlackLight:



As you can see from the screenshot, we now have a command line version of BlackLight. The new command line tool is available now at www.f-secure.com/blacklight. We'll have more details on it soon.