Analysis by: Mary Isabel Segismundo

DRIDEX-related spammed messages leveraging the Christmas season have been found. The message appears to be an invoice from a Christmas-related decorating retailer.

Upon further investigation, the attached invoice was found to be malicious and is detected as W2KM_DRIDEX.MFO. Users are advised to always be wary when opening attachments from unknown senders.

 SPAM BLOCKING DATE / TIME: December 24, 2015 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:2022