New Word malware: Email from Transport for London

MX Lab,, started to intercept a new malware distribution campaign by email with the subject “Email from Transport for London”.

This email is send from the spoofed address “” and has the following body:

Dear Customer,

Please open the attached file to view correspondence from Transport for

If the attachment is in PDF format you may need Adobe Acrobat Reader to
read or download this attachment.

If you require Adobe Acrobat Reader this is available at no cost from
the Adobe Website

Thank you for contacting Transport for London.

Business Operations
Customer Service Representative

In our mail client, the email wasn’t correctly parsed and the email coding was visible making the attached file less accessible. The attached is displayed as:

Content-Disposition: attachment;
Content-Type: application/msword;
Content-Transfer-Encoding: base64
Content-Description: FR7000609906.doc


Again, this campaign is also a malware campaign and the Word file contains a macro so if your email reader allows you to click on the attached Word file, please do not and remove the email.