MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Fixed invoices”.
This email is send from the spoofed addresses and has the following body:
Sorry for mistakes in the invoice. The number is 362, the amount came to $289.26.
Please check out the details in the attachment.
The attached file inv0230538.zip contains the file ~_R8O2LU_~.wsf.