MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your receipt for today’s Ocado delivery”.
This email is sent from the spoofed address “Ocado customer services <firstname.lastname@example.org>” and has the following body:
Your receipt for today’s delivery is attached to this email. I’ll be delivering your 12:00-14:00 order and, so you’ll know it’s me, I’ll be driving the Lemon van.
Your order doesn’t have any substitutions, everything’s there.
See you later,
A screenshot of the email:
The attached file receipt.doc is a Word file with a malicious macro that will download the trojan.
The malicious Word file is known as LooksLike.Macro.Malware.gen!d3 (v), W97M.Downloader.ACK, W97M.DownLoader.672, W2KM_DRIDEX.XDH or Troj/DocDl-ADW.
At the time of writing, 17 of the 56 AV engines detected the malicious Word file.
Use VirusTotal for more detailed information.
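A triage check built on the indicators above, as an added example that is not MX Lab's code: it flags a message whose subject matches the campaign and whose attachment is an OLE2 Word file carrying a VBA project. The `_VBA_PROJECT` byte search is a heuristic, and the function names, the recipient address and the sample attachment are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the advisory text.
SUBJECT = "your receipt for today's ocado delivery"
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE2 compound file header
# Heuristic (assumption): the VBA project stream name as stored in the
# OLE directory (UTF-16LE). Present when a .doc carries a macro project.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")

def normalise(s):
    # Fold curly apostrophes so "today’s" and "today's" compare equal.
    return s.replace("\u2019", "'").strip().lower()

def triage(raw_bytes):
    """Return a list of findings for one RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    if normalise(msg.get("Subject", "")) == SUBJECT:
        findings.append("subject-match")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if data.startswith(OLE_MAGIC):
            findings.append(f"ole-attachment:{name}")
            if VBA_MARKER in data:
                findings.append(f"vba-macro:{name}")
    return findings

def build_sample(with_macro):
    # Constructed sample, not a real document: OLE magic plus padding, and
    # optionally the directory-entry name a macro project would add.
    body = OLE_MAGIC + b"\x00" * 504
    if with_macro:
        body += VBA_MARKER + b"\x00" * 64
    m = EmailMessage()
    m["From"] = "Ocado customer services <firstname.lastname@example.org>"
    m["To"] = "user@example.com"
    m["Subject"] = "Your receipt for today\u2019s Ocado delivery"
    m.set_content("Your receipt for today\u2019s delivery is attached to this email.")
    m.add_attachment(body, maintype="application", subtype="msword",
                     filename="receipt.doc")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(True)))
    print(triage(build_sample(False)))
```

The subject and filename are easy for the sender to change, so the macro check on any OLE attachment is the finding to act on; the subject match only ties a message to this particular campaign.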