MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Payment request of 2537.78 (14 JAN 2015)”.
This email is sent from spoofed addresses and has the following body:
Sub: Remitance of GBP 2537.78
This is with reference to the above, we request you to kindly remit GBP 2537.78 in favor of our bank account.
For more information on our bank details please refer to the attached document.
The attached file, 11492UR.doc (the name may vary), contains a macro that will download additional files from the following locations:
The downloaded file is 114 kB in size and is named g08.exe.
At the time of writing, 6 of the 57 AV engines detected the trojan at VirusTotal.
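The indicators described above (the subject line, the amount repeated in the body, and a .doc attachment) can be combined into a mail-filter check. The following is an added example, not code from MX Lab; the function names, the regex generalisation of the amount and date, and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumption: amount and date vary per message; the post shows a single sample.
SUBJECT_RE = re.compile(
    r"Payment request of (\d+\.\d{2}) \((\d{1,2} [A-Z]{3} \d{4})\)")
BODY_RE = re.compile(r"remit GBP (\d+\.\d{2})", re.IGNORECASE)
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc files


def campaign_indicators(msg):
    """Return the campaign indicators found in an EmailMessage, in order."""
    hits = []
    subject = SUBJECT_RE.search(msg.get("Subject", ""))
    if subject:
        hits.append("subject")
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    amount = BODY_RE.search(body)
    # The sample in the post quotes the same amount in subject and body.
    if subject and amount and amount.group(1) == subject.group(1):
        hits.append("amount-match")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Match on extension plus file magic, since the file name varies.
        if name.endswith(".doc") and data.startswith(OLE2_MAGIC):
            hits.append("ole-doc-attachment")
            break
    return hits


def build_sample(subject, body, attachment=None):
    """Build a constructed test message; attachment is (filename, bytes)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.com"  # placeholder address
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment[1], maintype="application",
                           subtype="msword", filename=attachment[0])
    return msg


if __name__ == "__main__":
    sample = build_sample(
        "Payment request of 2537.78 (14 JAN 2015)",
        "we request you to kindly remit GBP 2537.78 in favor of our bank account.\n",
        ("11492UR.doc", OLE2_MAGIC + b"\x00" * 64))  # constructed stub, not a real document
    print(campaign_indicators(sample))
```

The OLE2 header check only confirms that the attachment is a legacy Word container capable of carrying macros; it does not inspect the macro itself.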