MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Aline Payment Request”.
This email is sent from the spoofed address “Bruce Sharpe <firstname.lastname@example.org>” and has the following body:
ATTENTION: ACCOUNTS PAYABLE
Our records show that your current balance with us is �2795.50 of which �2795.50 is still overdue.
Your urgent attention and earliest remittance of this amount would be appreciated.
We value your business and we would like to resolves any issues as quickly as possible. I am personally available on (02) 8508 4900 or email@example.com
Bruce Sharpe – Accounts Receivable
PO Box 694 Engadine NSW 2233 P. 02 9544 9999 F. 02 9544 8599 E. firstname.lastname@example.org
The attached file Statement_1973_1357257122414.doc is a 90 kB Word file with a malicious macro that will download additional malware.
The Word malware is detected as Trojan.Script.MLW.dyxcgi, HEUR.VBA.Trojan, heur.macro.download.cc or Trojan-Downloader/W97M.Iron.
At the time of writing, 4 of the 54 AV engines detected the trojan at VirusTotal.
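
With so few engines flagging the file, a mail-gateway triage check on the traits described above can help. The following is an added example, not MX Lab's code: it flags a message by subject, attachment name and the presence of a VBA storage in a legacy OLE2 .doc. The filename pattern generalises the single name in this advisory and is an assumption, the function names are hypothetical, and the sample payloads are harmless constructed stand-ins.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE2 compound file header
# OLE directory entry names are stored as UTF-16LE; heuristic markers only.
VBA_MARKERS = [n.encode("utf-16-le") for n in ("_VBA_PROJECT", "Macros")]
SUBJECT = "aline payment request"               # subject from this advisory
# Assumption: generalises the one attachment name seen in the advisory.
NAME_RE = re.compile(r"^Statement_\d+_\d+\.doc$", re.I)

def has_vba_markers(data: bytes) -> bool:
    """Heuristic: legacy .doc (OLE2) whose directory names a VBA storage."""
    return data.startswith(OLE_MAGIC) and any(m in data for m in VBA_MARKERS)

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches this campaign."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT in (msg["Subject"] or "").lower():
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if NAME_RE.match(name):
            reasons.append(f"attachment-name:{name}")
        if has_vba_markers(payload):
            reasons.append(f"ole-with-vba:{name}")
    return reasons

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; the payload is a stand-in, not malware."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.org", "b@example.org"
    m.set_content("ATTENTION: ACCOUNTS PAYABLE")
    m.add_attachment(payload, maintype="application", subtype="msword",
                     filename=filename)
    return m.as_bytes()

# Constructed payloads: OLE header plus one UTF-16LE directory name.
FAKE_MACRO_DOC = OLE_MAGIC + b"\x00" * 64 + "_VBA_PROJECT".encode("utf-16-le")
FAKE_CLEAN_DOC = OLE_MAGIC + b"\x00" * 64 + "WordDocument".encode("utf-16-le")

if __name__ == "__main__":
    hit = build_sample("Aline Payment Request",
                       "Statement_1973_1357257122414.doc", FAKE_MACRO_DOC)
    print(triage(hit))
```

The byte-marker check is a cheap pre-filter; a gateway that can afford it should follow up with a real OLE parser before deciding on quarantine.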