Then there's been a new Rechnung spam run in German-speaking countries. Masquerading as a bill from the "1&1" ISP, the e-mails look like this:
We now detect the attachment as Backdoor.Win32.Agent.akf.
Updated to add: We have now seen same spam e-mails but with a different attachment, now detected as W32/Haxdoor.LQ or Backdoor.Win32.Haxdoor.jw. This variant tries to steal credentials for various banks located in Germany, Austria, Poland, and Sweden.