New Word malware in fake email ‘scanned document’


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “scanned document”. The fake emails is created in such a way that it appears to be sent by the company Charisma Bathrooms Limited but this is not the case.

This email is send from the spoofed address “Tara Savill <tara@charismabathrooms.com>” and has the following body:

Kind regards,

Tara Savill

Charisma Bathrooms Limited
Unit 42 Shire Hill Industrial Estate
Saffron Walden
Essex
CB11 3AQ

T: 01799 528 770
F: 01799 528 530

www.charismabathrooms.com

I am using the Free version of SPAMfighter.
SPAMfighter has removed 10569 of my spam emails to date.

Do you have a slow PC? Try a free scan!

The attached file CCF26062014_00002.docm is a Word file with malicious macro.

The malware is detected by 7/57 AV engines at Virus Total. Malwr analysis shows that other malware is downloaded from the location hxxp://baldwinsun.com/media/5478hj.exe.

The malware is detected by 6/56 AV engines at Virus Total and the analysis is available on Malwr.