MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Invoice”.
This email is send from the spoofed addresses and has the following body:
Please find the invoice attached.
How about meeting on Friday?
Phone +1 (034) 518-10-59
Fax +1 (034) 518-10-15
The attached file 3dalain_1819047.zip contains the file INV000 fd64.js. Note that the signature in the email and the filenames of the ZIP archive and the payload may change with each email.