MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Invoice ID:248c90 in attachment.” (numbers will vary in each subject line and also in the attached file name). This email is send from the spoofed addresses and has no body content.
The attached file 248c90.doc is in fact an Word file with embedded macro that will download the real trojan from different hosts.
At the time of writing, 0 of the 56 AV engines did detect the malware at Virus Total.
MX Lab recommends not to open the attached Word file or at least make sure that macro’s are disabled.