MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Email from Transport for London”.
This email is send from the spoofed address “email@example.com” and has the following body:
Please open the attached file to view correspondence from Transport for
If the attachment is in PDF format you may need Adobe Acrobat Reader to
read or download this attachment.
If you require Adobe Acrobat Reader this is available at no cost from
the Adobe Website http://www.adobe.com
Thank you for contacting Transport for London.
Customer Service Representative
In our mail client, the email wasn’t correctly parsed and the email coding was visible making the attached file less accessible. The attached is displayed as:
Again, this campaign is also a malware campaign and the Word file contains a macro so if your email reader allows you to click on the attached Word file, please do not and remove the email.