MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “FW: Scan from a Samsung MFP”.
This email is sent from the spoofed address “Gareth Evans <firstname.lastname@example.org>” and has the following body:
Please open the attached document. It was scanned and sent to you using a
Samsung MFP. For more information on Samsung products and solutions, please
This message has been scanned for malware by Websense. http://www.websense.com
The attached file Untitled_14102015_154510.doc is a Word file with a malicious macro that will download new malware from:
The malware is detected as LooksLike.Macro.Malware.gen!d1 (v), heur.macro.download.cc or Troj/DocDl-BC by 7 of the 55 AV engines at VirusTotal.
The executable 43s5d6f7g.exe is 193 kB in size and is detected as QVM20.1.Malware.Gen by 1 of the 54 AV engines at VirusTotal.
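A mail-triage check built from the indicators in this report, as an added example (not MX Lab's code). The filename pattern is an assumption generalised from the single sample name, the `_VBA_PROJECT` search is a heuristic for macro-bearing OLE2 files, and the sample messages are constructed with inert bytes.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

SUBJECT = "FW: Scan from a Samsung MFP"        # subject quoted in the report
# Assumption: names follow Untitled_<DDMMYYYY>_<HHMMSS>.doc, generalised from one sample.
ATTACH_RE = re.compile(r"^Untitled_\d{8}_\d{6}\.doc$", re.I)
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file header
VBA_MARK = "_VBA_PROJECT".encode("utf-16-le")  # stream name found in macro-bearing files


def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches this campaign."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT.lower() in str(msg["Subject"] or "").lower():
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if ATTACH_RE.match(name):
            reasons.append("attachment-name")
        # Heuristic only: legacy .doc container that carries a VBA project stream.
        if data.startswith(OLE_MAGIC) and VBA_MARK in data:
            reasons.append("ole-with-vba")
    return reasons


def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; the payload is inert bytes, not a real document."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("Please open the attached document.")
    m.add_attachment(payload, maintype="application", subtype="msword",
                     filename=filename)
    return m.as_bytes()


FAKE_DOC = OLE_MAGIC + b"\x00" * 64 + VBA_MARK  # constructed, not a valid Word file
SUSPECT = build_sample(SUBJECT, "Untitled_14102015_154510.doc", FAKE_DOC)
BENIGN = build_sample("Quarterly report", "report.doc", OLE_MAGIC + b"\x00" * 64)

if __name__ == "__main__":
    print(triage(SUSPECT))
    print(triage(BENIGN))
```

Any single reason is weak on its own; treat two or more as grounds to quarantine the message for analysis.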