MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Service Suspension Notification [ID:D43B02913]”.
This email is sent from the spoofed address “Davldfzme@business.telecomitalia.it” and has the following body:
This is a notification that your service has now been suspended. The details of this suspension are below:
Product/Service: PREMIUM 1
Amount: $160.00 GBP
Due Date: 15/02/2015
Suspension Reason: Unpaid
Please contact us as soon as possible to get your service reactivated.
The attached file D43B02913.xls is a malicious Excel sheet that uses a macro to download a trojan.
The malicious Excel sheet is detected by 1 of the 56 AV engines at VirusTotal and is named X97M/Downloader.g.
MX Lab recommends not opening the Excel sheet, or at least keeping the macro function disabled.
Use VirusTotal for more detailed information.
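
A mail-gateway triage check for messages shaped like the sample above, added here as an example and not MX Lab's own tooling. It assumes the ID in the subject varies per message and is reused as the attachment name (only one sample is shown on this page). The VBA check is a byte-level heuristic, and the function names, addresses and sample bytes are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject format taken from the sample on this page; the ID charset is an assumption.
SUBJECT_RE = re.compile(r"Service Suspension Notification \[ID:([0-9A-Z]+)\]")
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .xls/.doc container header
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")   # directory entry name of a VBA project


def triage(raw: bytes) -> list[str]:
    """Return the reasons a message matches this campaign's shape (empty = no match)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    m = SUBJECT_RE.search(msg.get("Subject", ""))
    if m:
        reasons.append("subject-pattern")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Attachment named after the subject ID, as in D43B02913 / D43B02913.xls.
        if m and name == m.group(1).lower() + ".xls":
            reasons.append("attachment-named-after-id")
        # Heuristic: OLE2 file whose directory mentions a VBA project (macro present).
        if data.startswith(OLE2_MAGIC) and VBA_MARKER in data:
            reasons.append("ole2-with-vba-project")
    return reasons


def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; the payload is inert filler, not a real workbook."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("This is a notification that your service has now been suspended.")
    msg.add_attachment(payload, maintype="application",
                       subtype="vnd.ms-excel", filename=filename)
    return msg.as_bytes()


FAKE_MACRO_XLS = OLE2_MAGIC + b"\x00" * 64 + VBA_MARKER   # constructed bytes
SUSPECT = build_sample("Service Suspension Notification [ID:D43B02913]",
                       "D43B02913.xls", FAKE_MACRO_XLS)
BENIGN = build_sample("Quarterly figures", "q1.xls", OLE2_MAGIC + b"\x00" * 64)

if __name__ == "__main__":
    print(triage(SUSPECT))
    print(triage(BENIGN))
```

Messages that return any reason are candidates for quarantine and analyst review; a macro-bearing workbook on its own is not proof of malice.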