New Javascript malware: FW:


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “FW:”.

This email is send from the spoofed addresses and has the following body:

Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice.
If you have any questions please let us know.

The attached file copy_akers_550294.zip contains the folder warning with the following files:

496_ticket_443668416.lib
ticket_933450991.js

The file names of the attached ZIP archive and the extracted files will vary with each email.

At the time of writing, the 56 AV engines at Virus Total don’t detect the malicious Javascript. Details are available on Malwr for the files 1 | 2.

Other malware will be downloaded from hxxp://z-14.ru/0DVmbd.exe.

The malware is detected by 7/57 AV engines at Virus Total and the analysis is available on Malwr.