MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Message from “CUKPR0669361″”.
This email is send from the spoofed address in the format scanner@domainname_recipient and has the following body:
This E-mail was sent from “CUKPR0329001” (Aficio MP C305).
Scan Date: 17.11.2015 09:08:40 (+0000)
Queries to: <firstname.lastname@example.org
The attached file 201608120908.zip contains the file Untitled(356)-12082016.wsf. The WSF file is a Windows Script File.