New malware in email “fixed invoice”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “fixed invoice”.

This email is sent from spoofed addresses and has one of the following bodies:

I am very sorry for the wrong data file you received from me yesterday.
Attached is the fixed invoice

—–

Yours truly,

Viola Mccray
STATPRO GROUP
phone: +1 (151) 355-16-68
fax +1 (151) 355-16-45
Index: 0d83e1e98e306cda964c29182bb9fe9bdaed
e-mail: Mccray.22@iaama.org.au

I am very sorry for the wrong data file you received from me yesterday.
Attached is the fixed invoice

—–

Yours faithfully,

Connie Pugh
IMPAX ASSET MANAGEMENT GROUP PLC
phone: +1 (787) 307-00-33
fax +1 (787) 307-00-20
Index: 8693c4f8e80bb0f9f9523c15af2dda656611b4e66004cda911
e-mail: Pugh.7714@sugarcreekheatingcooling.com

The attached file update_0546.zip contains the file AT0002875.wsf, which is a Windows Script File.

The malware is detected by 354 AV engines at Virus Total.
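A mail-gateway check for the attachment pattern described above (a zip archive whose member is a Windows Script File), as an added example that is not part of the original post. The extension list, the function names and the constructed sample message are assumptions made for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as script files; this list is an assumption, not from the post.
SCRIPT_EXTS = {".wsf", ".wsh", ".js", ".jse", ".vbs", ".vbe", ".hta"}


def script_members_in_zip_attachments(raw_message: bytes) -> list:
    """Return (attachment name, member name) for each script file inside a zip attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Decide by content, not by the attachment's file name or declared MIME type.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Only the archive's directory is read; nothing is extracted or run.
                for member in zf.namelist():
                    if os.path.splitext(member)[1].lower() in SCRIPT_EXTS:
                        hits.append((name, member))
        except zipfile.BadZipFile:
            hits.append((name, "<unreadable zip>"))  # quarantine-worthy on its own
    return hits


def build_sample(member="AT0002875.wsf", filename="update_0546.zip") -> bytes:
    """Constructed sample: a message whose zip holds a harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "placeholder text, not a real script")
    msg = EmailMessage()
    msg["Subject"] = "fixed invoice"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("Attached is the fixed invoice")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(script_members_in_zip_attachments(build_sample()))
```

Because the check looks at the archive's content, a zip attachment that has been renamed (for example to `.pdf`) is still inspected.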