New WSF malware in email “Payment”


MX Lab, http://www.mxlab.eu, has started intercepting a new malware distribution campaign by email with the subject “Payment”.

This email is sent from spoofed addresses and has the following body:

Dear ****,

You are receiving this email because the company has assigned you as part of the approval team.
Please review the attached proposal form and make your approval decision.

If you have any problem regarding the submission, please contact Antione.

Best regards,
Felix Lang
Assistant Vice President, Investment Officer

The attached file invoice84576872.doc is a Word file with a malicious macro.
The attached file proposal_form_13bbd942.zip contains the folder proposal_form_13bbd942 with the following files: g and proposal form 20333CD pdf.wsf.

The malware is detected by 9/55 AV engines at VirusTotal.
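
A mail filter can flag this kind of attachment by listing the ZIP members and looking for Windows Script Host extensions hidden behind a document-type word. The following is an added example, not MX Lab code: the extension blocklist, the decoy pattern and the function names are assumptions, and the sample archive is constructed to mirror the file names above.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Assumed blocklist of script types that run on double-click in Windows.
SCRIPT_EXTS = {".wsf", ".wsh", ".js", ".jse", ".vbs", ".vbe", ".hta"}
# Document-type word at the end of the base name, e.g. "... pdf.wsf".
DECOY = re.compile(r"(?:^|[ ._-])(pdf|docx?|xlsx?|jpe?g|png|txt)$", re.I)

# File names as given in the advisory (contents below are placeholders).
SAMPLE_NAMES = [
    "proposal_form_13bbd942/g",
    "proposal_form_13bbd942/proposal form 20333CD pdf.wsf",
]

def suspicious_members(zip_bytes):
    """Return [(member_name, reason)] for risky entries in a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            ext = path.suffix.lower()
            if ext not in SCRIPT_EXTS:
                continue
            reason = "script extension " + ext
            if DECOY.search(path.stem):
                reason += ", decoy document type before it"
            findings.append((info.filename, reason))
    return findings

def build_zip(names):
    """Build an in-memory ZIP with placeholder content (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in suspicious_members(build_zip(SAMPLE_NAMES)):
        print(name, "->", reason)
```
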