MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Please verify”.
This email is send from the spoofed addresses and has the following body:
Hey *******, as you requested, I have proofread the technical document you sent.
There are some confused parts in it.
Please verify the parts highlighted in the attached document.
The attached file tech_doc_85f5244.zip contains the file NRV26AIL.vbs (note that filenames will vary with each email).
The malware is detected as VBS/Locky.B, VBS/Agent.LKY!tr or Trojan-Ransom.Script.Locky by 21/54 AV engines at Virus Total.