Analysé par: Joachim Capiral

A new wave of spam that uses *.rar *.zip *.gif *.tiff *.docx *.pdf *.jpg is making its rounds.

The attachment looks like it is renamed to lure recipients into clicking the attachment files. These attachments are archive files that come with a JavaScript file that drops a LOCKY malware, detected as JS_LOCKY.BQ.

It looks like this is similar to the spam wave found several days ago that also distributes Locky ransomware. See Malspam With JavaScript Attachment Leads To Locky Ransomware.

 Spam Blocking Date/Time: : 29 mars 2016 GMT-8
 TMASE
  • TMASE Engine: 8.0
  • TMASE Pattern: 2228