New WSF malware in email “Temporarily blocked”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Temporarily blocked”.

This email is send from the spoofed addresses and has the following body:

Dear nancy,

this is to inform you that your Debit Card is temporarily blocked as there were unknown transactions made today.

We attached the scan of transactions. Please confirm whether you made these transactions.

King regards,
Maribel Goff
Technical Manager – Online Banking
e-mail: Goff.69690@thedreamcenterchurch.com

The attached file debit_card_1c869a00.zip contains the folder debit_card_1c869a00 with the files f and debit card details 2E6E68.wsf.

The malware is detected by 9/55 AV engines at Virus Total.