MX Lab, http://www.mxlab.eu, started to intercept a malicious email campaign with the subject “Remittance Advice -LCDQ26”.
This email is sent from spoofed addresses and has only a confidentiality disclaimer in the body of the email:
Confidentiality and Disclaimer: This email and its attachments are intended for the addressee only and may be confidential or the subject of legal privilege.
If this email and its attachments have come to you in error you must take no action based on them, nor must you copy them, distribute them or show them to anyone.
Please contact the sender to notify them of the error.
This email and any attached files have been scanned for the presence of computer viruses. However, you are advised that you open any attachments at your own risk.
Please note that electronic mail may be monitored in accordance with the Telecommunications (Lawful Business Practices)(Interception of Communications) Regulations 2000.
The attached file LCDQ26.xls, which is 25 kB in size, is an Excel file with an embedded macro that will download the real trojan. The code in the subject and attachment file name changes with every email.
At the time of writing, the malicious attachment is not flagged as dangerous by any AV engine at VirusTotal.
Use the VirusTotal permalink for more detailed information.
MX Lab recommends not opening this Excel sheet, or at least keeping macro execution disabled in the security settings so that macros do not run when an Excel (or Word) file is opened.
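A mail-gateway style check for the pattern described above, as an added example that is not MX Lab's own code: it flags a message when the code in the subject matches the attachment file name and the attachment is a legacy OLE2 file, and reports whether a VBA storage marker is present. The subject regex, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .xls/.doc container signature
VBA_STORAGE = "_VBA_PROJECT".encode("utf-16-le")  # macro storage name in the OLE directory
# Assumption: the per-message code is a short run of capitals and digits, as in LCDQ26.
SUBJECT_RE = re.compile(r"Remittance Advice\s*-\s*([A-Z0-9]{4,10})\s*$")

def inspect(raw: bytes) -> dict:
    """Return the campaign indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    m = SUBJECT_RE.search(msg["Subject"] or "")
    code = m.group(1) if m else None
    result = {"code": code, "name_matches": False, "ole2": False, "vba_marker": False}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # The changing code is shared by subject and file name, so correlate the two.
        if code and name.lower() == f"{code.lower()}.xls":
            result["name_matches"] = True
        if data.startswith(OLE2_MAGIC):
            result["ole2"] = True
            # Heuristic only: a byte search, not a real OLE directory parse.
            result["vba_marker"] |= VBA_STORAGE in data
    result["quarantine"] = result["name_matches"] and result["ole2"]
    return result

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; the payload is inert bytes, not a real workbook."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = subject
    msg.set_content("Confidentiality and Disclaimer: ...")
    msg.add_attachment(payload, maintype="application",
                       subtype="vnd.ms-excel", filename=filename)
    return msg.as_bytes()

# Constructed stand-in for an OLE2 file that carries a VBA storage entry.
FAKE_XLS = OLE2_MAGIC + b"\x00" * 64 + VBA_STORAGE + b"\x00" * 64

if __name__ == "__main__":
    print(inspect(build_sample("Remittance Advice -LCDQ26", "LCDQ26.xls", FAKE_XLS)))
```

Because the check does not rely on a file hash, it still applies when the code in the subject and file name changes from one message to the next.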