MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “payment receipt”
This email is send from the spoofed address “Reception at Winthrop Village Dental Centre <email@example.com>” and has the following body:
Sorry cant fax.
I hope this is OK.
The attached file CCE19102015.doc is a Word file with malicious macro that will download the real malware.
The Word file is detected as LooksLike.Macro.Malware.gen!d1 (v)
At the time of writing, 2 of the 55 AV engines did detect the trojan at Virus Total.
Use the Virus Total for more detailed information.