MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject in the format “uk_confirmation_ph999546375.pdf”.
This email is send from the spoofed addresses and has the following body:
Confirmation letter enclosed. Please see attachment.
The attached file uk_confirmation_ph999546375.zip contains the folder uk_confirmation_ph999546378.