MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “invoice EME018.docx”.
This email is sent from the spoofed address “Ieuan James <firstname.lastname@example.org>” and has an empty body.
The email in question was displayed as malformed or corrupted, but it’s possible that some email clients will show it correctly:
——— code continues ——————–
The attached file invoice EME018.doc is a Word file with a macro that will download the malware.
At the time of writing, 1 of the 56 AV engines detected the trojan at Virus Total.
Use the Virus Total permalink for more detailed information.
UPDATE: 08/01/2015 11:20
The Word macro will download the file bin.exe from the following locations:
The trojan is known as Gen:Variant.Kazy.531412, Downloader-FANV!8B52FF380807 or Dridex.K.
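The traits described above (an empty body, a Word attachment, and a subject that names the attached file) can be combined into a simple mail-triage check. The following Python sketch is an added example, not MX Lab's code; the function names, the sender and recipient addresses and the stub attachment bytes are constructed for illustration, and only the subject and file name come from the post.

```python
import email
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc compound-file header
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML (.docx/.docm) container
WORD_EXTS = (".doc", ".docx", ".docm", ".dot", ".dotm")

def triage(raw: bytes) -> dict:
    """Flag mail with an empty body whose subject names a Word attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    subject = (msg["Subject"] or "").strip().lower()
    result = {"empty_body": text == "", "word_attachments": [],
              "subject_names_file": False}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if not name.lower().endswith(WORD_EXTS):
            continue
        data = part.get_payload(decode=True) or b""
        # Classify by magic bytes, not by the extension the sender chose.
        kind = ("ole" if data.startswith(OLE_MAGIC)
                else "ooxml" if data.startswith(ZIP_MAGIC) else "unknown")
        result["word_attachments"].append((name, kind))
        stem = name.rsplit(".", 1)[0].lower()
        if stem and stem in subject:
            result["subject_names_file"] = True
    result["suspicious"] = (result["empty_body"]
                            and bool(result["word_attachments"])
                            and result["subject_names_file"])
    return result

def build_sample(with_body: bool) -> bytes:
    """Constructed test message; the attachment is a stub, not a real document."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"      # constructed address
    msg["To"] = "recipient@example.org"     # constructed address
    msg["Subject"] = "invoice EME018.docx"  # subject reported in the post
    if with_body:
        msg.set_content("Hi,\nplease find the invoice attached.\n")
    msg.add_attachment(OLE_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="msword", filename="invoice EME018.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(with_body=False)))
```

A hit only means the message matches the shape of this campaign; the attachment still needs macro inspection or sandboxing before a verdict.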