New WSF malware in emails with subject Emailing: IMG(0098).gif, Emailing: Photo(8109).png, Emailing: Picture(359).png


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subjects like:

IMG(0098).gif
Emailing: Photo(8109).png
Emailing: Picture(359).png

The subject will be a combination of Emailing:, IMG/Photo/Picture followed with a number between ( and ) and a gif, jpg or png extension type. Spoofed addresses are being used and has no body content in the email.

The attached file Picture(359).png.zip contains the file 515081450905_98025.wsf which is a Windows Script File.

Note again that the the attached and extracted filenames will vary with each email.

The malware is detected by 3/51 AV engines at Virus Total and the analysis is available on Hybrid-Analaysis.