MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Your Amazon.co.uk order has dispatched (#583-6989419-8889556)”.
This email is sent from the spoofed address “"Amazon.com" <email@example.com>” and has no body content. It is clear that this fake email doesn’t originate from Amazon directly.
The attached file invoice84576872.doc is a Word file with a malicious macro.
The attached file ORDER-583-6989419-8889556.zip contains the file 4775327493_4421613.js.
The malware is detected as Trojan.Ransom-Locky!8.4655-fi21vws43hB (Cloud) by 3/56 AV engines at VirusTotal.
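With only 3 of 56 engines detecting the sample, a structural check at the mail gateway is more dependable than a signature. The following is an added example, not MX Lab's code, that flags the traits described above: an empty body, an Amazon-style order subject, and a script file inside a ZIP attachment. The function names, the extension list beyond `.js`, and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .js is the type seen in this campaign; the other extensions are an assumed list.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta")
# Order-number shape used in the subject and the ZIP name: 3-7-7 digits.
ORDER_RE = re.compile(r"\b\d{3}-\d{7}-\d{7}\b")

def scan_message(raw):
    """Return the reasons a raw message matches the campaign traits (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        reasons.append("empty body")
    if "amazon" in str(msg["From"]).lower() and ORDER_RE.search(str(msg["Subject"])):
        reasons.append("Amazon-style order subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(SCRIPT_EXTS):
            reasons.append(f"script attachment: {name}")
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():  # names only; nothing is extracted
                    if member.lower().endswith(SCRIPT_EXTS):
                        reasons.append(f"script inside archive: {member}")
    return reasons

def build_sample(member="4775327493_4421613.js"):
    """Constructed test message; the archive member holds only a harmless comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// inert placeholder\n")
    msg = EmailMessage()
    msg["From"] = '"Amazon.com" <email@example.com>'
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your Amazon.co.uk order has dispatched (#583-6989419-8889556)"
    msg.set_content("\n")  # the campaign's messages have no body text
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="ORDER-583-6989419-8889556.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for reason in scan_message(build_sample()):
        print(reason)
```

The check reads only the archive's file listing, so it never unpacks or runs the attachment.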