MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Invoice (w/e 070216)”.
This email is send from the spoofed address “Kelly Pegg [firstname.lastname@example.org]” while the message doesn’t originate from Response Recruitment but is a forgery with a malicious attachment. Response Recruitment is aware of this and also placed a disclaimer on their web site.
The email itself has the following body:
Please find attached invoice and timesheet.
The attached file SKM_C3350160212101601.docm is a Word file with malicious macro.
The malware is detected as Macro.Trojan-Downloader.Agent.MM, Trojan:W97M/MaliciousMacro.GEN, WM/Agent!tr or W97M/Downloader!7D0374C82670 by 5 of the 54 AV engines at Virus Total.
Malware will be downloaded from:
The malware is detected as UDS:DangerousObject.Multi.Generic, PE:Malware.RDM.18!5.18 [F] or Mal/Generic-S by 3 of the 54 AV engines at Virus Total.