MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “FW:”.
This email is sent from spoofed addresses and has the following body:
Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice.
If you have any questions please let us know.
The attached file copy_akers_550294.zip contains the folder warning with the following files:
The file names of the attached ZIP archive and the extracted files will vary with each email.
Other malware will be downloaded from hxxp://z-14.ru/0DVmbd.exe.
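The traits reported above (the bare "FW:" subject, the invoice lure text, and a ZIP attachment whose contents sit inside a folder) can be combined into a mail triage check, since the file names themselves change with every message. The following is an added example, not MX Lab's code; the function names, the sender and recipient addresses, and the benign placeholder file inside the sample archive are constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Phrase taken from the message body quoted in this report.
LURE = "see the attached invoice and remit payment"

def build_sample() -> bytes:
    """Constructed sample: a harmless ZIP shaped like the reported attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("warning/placeholder.txt", "constructed, benign content")
    msg = EmailMessage()
    msg["Subject"] = "FW:"
    msg["From"] = "sender@example.com"   # constructed address
    msg["To"] = "user@example.com"       # constructed address
    msg.set_content(
        "Please see the attached invoice and remit payment according to the "
        "terms listed at the bottom of the invoice.\n"
        "If you have any questions please let us know.\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="copy_akers_550294.zip")
    return msg.as_bytes()

def triage(raw: bytes) -> dict:
    """Score one raw message against the campaign traits; extracts nothing."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    result = {
        "subject_match": (msg["Subject"] or "").strip() == "FW:",
        # Collapse whitespace so line wrapping cannot hide the phrase.
        "lure_match": LURE in " ".join(text.lower().split()),
        "zip_entries": [],
    }
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Do not trust the extension alone: confirm the bytes are a ZIP.
        if name.endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                result["zip_entries"] += z.namelist()  # names only
    result["folder_wrapped"] = any("/" in e for e in result["zip_entries"])
    result["suspicious"] = (result["subject_match"] and result["lure_match"]
                            and result["folder_wrapped"])
    return result
```

The archive is only listed in memory and never extracted, so the check is safe to run on a mail gateway or against a quarantine folder.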