MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Bill”.
This email is send from the spoofed addresses and has the following body:
To continue using our maintenance service, please pay for last month’s fee by 4th of November.
The bill is attached in the email.
Please keep it for later purposes.
The attached file november_bill_04fcbb9.zip contains the file TN C612A439.vbs while filenames can vary woith each email.
The malware is detected by 11/54 AV engines at Virus Total and is known as VBS/Locky.B.