MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “CIT Inv# 15000375 for PO# SP14161”.
This email is send from the spoofed address “_CIG-EDI@CIRCOR.COM” and has the following body:
Please do not respond to this email address. For questions/inquires, please
contact our Accounts Receivable Department.
This email has been scanned by the MessageLabs outbound
Email Security System for CIRCOR International Inc.
For more information please visit http://www.symanteccloud.com
The attached file FOPRT01.DOC is a Word file with embedded macro that will download a trojan on your computer. The Word file is being recognized by 2 of the 57 AV engines at Virus Total and being named as W97M.Dropper.BN or VBA/TrojanDownloader.Agent.HG.
Use the Virus Total for more detailed information regarding the malicious Word file.
MX Lab recommends not to open the attached Word file or at least disable macro execution.