Billing Email Comes with Malware Downloader

 Analysis by: Joachim Capiral

We have observed a spam outbreak in which the messages pose as simple billing emails. The subject line contains "Bill" along with random numbers, and a document file is attached. The message body is empty, which may make a curious reader eager to click and open the attachment. As is typical of spam like this, the attachment contains a malicious macro, detected as W2KM_DLOADR.YYSWI. This macro is known to download other files, possibly malicious in nature, onto the affected system.

Trend Micro product users are automatically protected from the execution of the attachment. Products with spam filtering enabled ensure that this kind of spam never reaches your inbox.
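For mail administrators who want to triage similar messages themselves, the following added example (not Trend Micro code and not part of the original analysis) scores a raw message against the traits described above: "Bill" plus digits in the subject, an empty body, and a document attachment that carries a macro project. The extension list, the subject pattern, and the helper names `triage`, `fake_docx` and `build_sample` are assumptions, and the sample files are constructed placeholders.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

DOC_EXT = (".doc", ".docm", ".docx", ".dot", ".dotm", ".rtf")  # assumed list
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container header

def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (zip) document carries a VBA macro project part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())

def triage(raw: bytes) -> dict:
    """Score one raw RFC 5322 message against the traits described above."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = msg["Subject"] or ""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body else ""
    docs = [p.get_payload(decode=True) or b"" for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(DOC_EXT)]
    r = {
        # Assumed pattern: the word "bill" and at least one digit, any order.
        "bill_subject": bool(re.search(r"bill.*\d|\d.*bill", subject, re.I)),
        "empty_body": text == "",
        "doc_attachment": bool(docs),
        # Legacy OLE files cannot be cleared here, so treat them as suspect.
        "macro_or_ole": any(has_vba_project(d) or d.startswith(OLE_MAGIC)
                            for d in docs),
    }
    r["quarantine"] = all(r.values())
    return r

def fake_docx(with_macro: bool) -> bytes:
    """Constructed, harmless stand-in for a Word file (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder, no code")
    return buf.getvalue()

def build_sample(subject: str, body: str, name: str, data: bytes) -> bytes:
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=name)
    return m.as_bytes()
```

Calling `triage(build_sample("Bill 48213", "\n", "Bill_48213.docm", fake_docx(True)))` returns every flag set; a message that trips only some of the flags is left for the regular scanner rather than quarantined.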

 SPAM BLOCKING DATE / TIME: December 17, 2016 GMT-8
 TMASE INFO
  • ENGINE:8.1
  • PATTERN:2766