MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subjects:
NOVEMBER INVOICE ADVICE
INVOICE ADVICE 08/01/2015
This email is send from the spoofed address “Laverne King <Rosalyn.firstname.lastname@example.org>” and has the following body:
Happy New Year
Please could you advise on the November GBP invoice in the attachment for me?
HAZEL RENEWABLE ENERGY VCT 1 PLC
The attached file in the format RBAC_XXXXXX.xls (with different characters) and is an Excel sheet with macro that will download additional components from various locations.
The Excel sheet is currently detected by 1 of the 56 AV engines did detect the trojan at Virus Total and marked as Trojan.Script.Agent.dlanqt.
Use the Virus Total for more detailed information.