Analysis by: Farrel Moje

We spotted spam mail with the subject "New Order", claiming that an invoice for a new order is attached. The spam mail carries a .DOC attachment. When a user opens the document, a macro embedded in it triggers the execution of malware detected as a variant of W2KM_DRIDEX.

DRIDEX is a banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, attackers can steal banking credentials and other personal information on the system, causing financial loss to its victims.

We have observed several spam runs coming from different sources. In some spam runs, as many as 40,000 mails bearing the same content were sent out. We strongly advise never opening an email attachment unless you are expecting it.
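The delivery chain described above (lure subject, Office attachment, embedded macro) is what a mail gateway rule would key on. The following Python script is an added example and is not Trend Micro's code or engine logic: it parses an RFC 822 message with the standard library, flags invoice-style subjects, macro-capable attachment extensions and legacy OLE attachments whose directory names mention a VBA storage (a cheap static heuristic, not a full OLE parser), and returns a verdict. The sample mails and the "macro document" bytes are constructed for the demonstration and are not real samples.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# OLE2 compound-file signature shared by legacy .doc/.xls containers.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Directory-entry names inside an OLE file are stored as UTF-16LE, so the
# VBA project storages show up as these byte patterns in a raw scan.
VBA_STORAGE_MARKERS = [n.encode("utf-16-le") for n in ("Macros", "VBA", "_VBA_PROJECT")]
MACRO_CAPABLE_EXT = {".doc", ".dot", ".docm", ".xls", ".xlsm", ".pptm"}
LURE_SUBJECT = re.compile(r"\b(new order|invoice)\b", re.IGNORECASE)


def looks_like_macro_doc(data: bytes) -> bool:
    """Heuristic (assumption): OLE2 container whose directory names a VBA storage."""
    return data.startswith(OLE_MAGIC) and any(m in data for m in VBA_STORAGE_MARKERS)


def triage_message(raw: bytes) -> dict:
    """Return subject, findings and a verdict for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    findings = []
    lure = bool(LURE_SUBJECT.search(subject))
    if lure:
        findings.append(f"subject matches invoice lure: {subject!r}")
    macro_ext, vba_found = False, False
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if ext in MACRO_CAPABLE_EXT:
            macro_ext = True
            findings.append(f"macro-capable attachment: {name}")
        if looks_like_macro_doc(payload):
            vba_found = True
            findings.append(f"OLE file with VBA storage: {name}")
    # A VBA-bearing OLE file is quarantined outright; a lure subject plus a
    # macro-capable extension is treated the same way. Extension alone is
    # only escalated for review, since plain .doc files are common.
    if vba_found or (lure and macro_ext):
        verdict = "quarantine"
    elif macro_ext:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"subject": subject, "findings": findings, "verdict": verdict}


def build_message(subject: str, filename: str, data: bytes) -> bytes:
    """Build a constructed test mail with one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please see the attached document.")
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed stand-in for a macro-bearing .doc: the OLE signature plus a
# UTF-16LE "Macros" directory name. It is not a real or working document.
FAKE_MACRO_DOC = OLE_MAGIC + b"\x00" * 504 + "Macros".encode("utf-16-le") + b"\x00" * 52
SAMPLE_LURE = build_message("New Order", "invoice.doc", FAKE_MACRO_DOC)
SAMPLE_CLEAN = build_message("Meeting notes", "notes.txt", b"agenda for monday\n")

if __name__ == "__main__":
    for raw in (SAMPLE_LURE, SAMPLE_CLEAN):
        print(triage_message(raw))
```

Running the script triages the two constructed mails: the "New Order" message with the OLE attachment is quarantined, the meeting-notes message is delivered. The UTF-16LE marker scan deliberately errs on the side of flagging; a production gateway would pair it with a real OLE/VBA parser and with the sender-reputation data that a spam run of 40,000 near-identical mails produces.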

SPAM BLOCKING DATE / TIME: January 28, 2016 GMT-8

TMASE INFO
  • ENGINE: 8.0
  • PATTERN: 2096