MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “12/16 A Invoice”.
This email is sent from the spoofed address “Araceli Garcia <GarciaAraceli911@latinbienes.com>” and has the following body:
Please find attached a recharge invoice for your broadband.
The attached file invoice84576872.doc is a Word file with a malicious macro.
The malware is detected as CXmail/OleDl-A by 1 of the 56 AV engines at VirusTotal.
A malicious executable will be downloaded from hxxp://220.127.116.11/chicken/bacon.php by the macro.
The malware is detected as HW32.Packed.BC8B, UDS:DangerousObject.Multi.Generic or BehavesLike.Win32.Downloader.cc by 3 of the 54 AV engines at VirusTotal.
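
With detection rates this low, a mail gateway can triage on the campaign's traits rather than wait for AV signatures. The following is an added example, not MX Lab's code: it flags messages by subject, attachment name and a content heuristic (OLE2 header plus a `_VBA_PROJECT` stream name). The generalised date and digit patterns and the sample message are assumptions constructed for illustration, and the sender is not matched because it is spoofed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # OLE2 compound file header (legacy .doc)
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # stream name stored when a VBA project exists
SUBJECT_RE = re.compile(r"^\d{1,2}/\d{1,2} A Invoice$")  # "12/16 A Invoice", date generalised (assumption)
ATTACH_RE = re.compile(r"^invoice\d+\.doc$", re.I)       # "invoice84576872.doc", digits generalised (assumption)

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches this campaign's traits."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.match((msg["Subject"] or "").strip()):
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if ATTACH_RE.match(name):
            reasons.append("attachment-name")
        # Heuristic content check: does not trust the filename or declared MIME type.
        if data.startswith(OLE_MAGIC) and VBA_MARKER in data:
            reasons.append("ole-with-vba")
    return reasons

def build_sample(with_macro: bool) -> bytes:
    """Constructed test message; the attachment is inert filler, not a real document."""
    m = EmailMessage()
    m["From"] = "Sender <sender@example.com>"   # placeholder sender
    m["To"] = "user@example.org"
    m["Subject"] = "12/16 A Invoice"
    m.set_content("Please find attached a recharge invoice for your broadband.")
    body = OLE_MAGIC + b"\x00" * 64 + (VBA_MARKER if with_macro else b"")
    m.add_attachment(body, maintype="application", subtype="msword",
                     filename="invoice84576872.doc")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(True)))
```

The byte-marker check is a quick filter, not a parser; messages it flags should go to a full OLE/VBA analysis before release.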