Analysis byCedrick Ramos

Ransomware-related spam emails usually use archived attachments to deliver the malware. However, this time, we've found the ransomware Locky to arrive via spam emails that contain HTML attachments. In the spoofed mail, the subject title indicates the mail to be an 'INVOICE' and tells the recipient in the body of the email to find the requested invoice as attached. The said HTML attachment has the filename of 'A_[Random Numbers].html', and is already detected as 'HTML_IFRAME.YYRU'.

Spammed messages such as this one typically have attachments in them that come with malware, thus users are advised to carefully check unsolicited mails before clicking on any links or attachments. Users receiving suspicious emails should always exercise caution to avoid being tricked to executing malware.
 SPAM BLOCKING DATE / TIME: 05 de października de 2017 GMT-8
 TMASE
  • TMASE Engine: :
  • Patrón TMASE: :3372