New VBS malware in email with subject “Bill” – Locky ransomware

MX Lab,, started to intercept a new malware distribution campaign by email with the subject “Bill”.

This email is send from the spoofed addresses and has the following body:

Dear *******

To continue using our maintenance service, please pay for last month’s fee by 4th of November.

The bill is attached in the email.
Please keep it for later purposes.

King Regards,
Doris Conner

The attached file contains the file TN C612A439.vbs while filenames can vary woith each email.

The malware is detected by 11/54 AV engines at Virus Total and is known as VBS/Locky.B.