MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “ Abcam Despatch [CCE5303255]”.
This email is send from the spoofed address “email@example.com” and has the following body:
The confirmation invoice for order 1366976 is attached.
Please let me know if you need any other paperwork.
The attached file invoice_1366976_08-01-13.xls is an Excel sheet with malicious macro that will download the payload from the following hosts:
The trojan is known as UDS:DangerousObject.Multi.Generic or Suspicious.Cloud.5.
At the time of writing, 2 of the 55 AV engines did detect the trojan at Virus Total.
Use the Virus Total for more detailed information.