MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “FW: Order F-456933”.
This email is sent from spoofed addresses and has the following body:
Thank you for your order. Your Invoice – F-456933 – is attached.
As agreed this invoice will NOT be sent via post.
Regional Executive Vice President
The attached file order_details_456933.zip contains the xx kB large folder order_details_456933 with the following three files inside:
The malware is detected by only 1 of the 57 AV engines at VirusTotal, as HEUR.JS.Trojan.b.
Analysis by Malwr is currently not possible because the submitted files are still in the queue.
Note: numbers in the subject and filenames may change with each email.
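Because the numbers change with each email, a mail filter has to match the pattern rather than the literal strings. The following check is an added example, not MX Lab's own code. It assumes the number is a run of digits of any length and that the subject and attachment names otherwise keep the form shown above; the test messages are constructed, not captured samples.

```python
import re
from email.message import EmailMessage

# Patterns generalised from the single sample on the page.
# Assumption: the varying part is digits only, of any length.
SUBJECT_RE = re.compile(r"^\s*FW:\s*Order\s+F-(\d+)\s*$", re.IGNORECASE)
ATTACH_RE = re.compile(r"^order_details_(\d+)\.zip$", re.IGNORECASE)


def check_message(msg):
    """Return details of a campaign match, or None if the message does not fit."""
    subj = SUBJECT_RE.match(msg.get("Subject", ""))
    if not subj:
        return None
    for part in msg.walk():
        name = part.get_filename()
        att = ATTACH_RE.match(name) if name else None
        if att:
            return {
                "order_number": subj.group(1),
                "attachment": name,
                # In the sample the subject and file name carry the same number.
                "numbers_agree": subj.group(1) == att.group(1),
            }
    return None


def build_sample(number, subject=None):
    """Constructed message for testing; the zip payload is an empty archive."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = subject or f"FW: Order F-{number}"
    m.set_content(f"Thank you for your order. Your Invoice - F-{number} - is attached.")
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename=f"order_details_{number}.zip")
    return m


if __name__ == "__main__":
    for m in (build_sample("456933"), build_sample("120077"),
              build_sample("456933", subject="Re: lunch")):
        print(m["Subject"], "->", check_message(m))
```

A hit with `numbers_agree` set to false still matches both patterns, so it is worth quarantining for review rather than discarding the match.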