Spam Disguised as Invoice Carries Malware

 Analysis by: Franz Ryan Englis

A recent spam outbreak we have observed involved email disguised as an invoice for a certain purchase order and pretends to be coming from legitimate companies such as Telstra or Cathay Pacific. However, similar to legitimate email, the message body contains the usual Do not respond to this email address. It also tries to assure its victims by mentioning that the email has been scanned by an email scanning software and provides a link to security software company. When the user opens the attachment, it contains a malicious macro detected by Trend Micro products as W2KM_LOCKY.OSRS.

Trend Micro users are protected from this threat even before the message gets in their inboxes as the Smart Protection Network detects and blocks the spread of this spam.

 SPAM BLOCKING DATE / TIME: December 07, 2016 GMT-8
 TMASE INFO
  • ENGINE:8.1
  • PATTERN:2746