MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Internet Service Fee (87399ID)” – number will change with each email.
This email is send from the spoofed address “xxxxx ” and has the following body:
Our company has made requested local repairs on your street. You are obligated to pay a fee of $99.00.
More information in the document enclosed.
The attached file caution_*****.*****-DA578_87399.zip (combination with first part of the recipients email address and variable parts) contains the file show4436.js (filename will vary).
The malware is detected by 2/56 AV engines at Virus Total and is detected as Trojan.OddJSwitch/Heur!1.A4FB or Js.Trojan.Raas.Auto.
Note: no Malwr analysis is available because the service takes too long at this moment.