MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with “Documents Requested” in the subject line:
Re: Documents Requested
Fw: Documents Requested
This email is sent from spoofed addresses and has the following body, with a different person's name at the end of each email:
Please find attached documents as requested.
The attached file in this case is named Untitled(7).docm, and it is a Word file with a malicious macro.
Other file names have also been noticed, such as doc(929).docm, doc(2).docm, new doc(54).docm, …, so the file name will vary with each email.
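A mail-filter check for the traits described above, as an added example that is not MX Lab's own code: it flags the subject line, the `name(number).docm` attachment pattern, and the presence of a VBA project inside the attachment. The two regular expressions are assumptions generalised from the subjects and file names quoted above, and the sample message is constructed with a placeholder in place of any macro.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: patterns generalised from the subjects and file names quoted above.
SUBJECT_RE = re.compile(r"^\s*(?:(?:re|fw|fwd):\s*)*documents requested\s*$", re.I)
NAME_RE = re.compile(r"^.*\(\d+\)\.docm$", re.I)

def has_vba_project(data: bytes) -> bool:
    """True if data is an OOXML (zip) package that carries a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def score_message(raw: bytes) -> list:
    """Return the campaign traits that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(msg.get("Subject", "")):
        hits.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if NAME_RE.match(name):
            hits.append("filename")
        if has_vba_project(part.get_payload(decode=True) or b""):
            hits.append("macro")
    return hits

def build_sample(subject: str, filename: str, with_macro: bool) -> bytes:
    """Constructed test message; the attachment holds placeholder bytes, not a macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.com"  # constructed address
    msg.set_content("Please find attached documents as requested.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(score_message(build_sample("Re: Documents Requested", "Untitled(7).docm", True)))
```

The macro check inspects the archive contents, so it still fires when the sender changes the attachment name or extension.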