Analysis by: Mary Isabel Segismundo

A JavaScript malware is seen in a spam outbreak involving a spammed message pretending to be an invoice notification email with suspicious ZIP attachments. As per the usual route of spam, the body of the message tries to convince the reader to open the attachment by alerting them to alleged unpaid invoices to their account and asking the recipient the reason of non-payment. This creates a sense of urgency that may just push users to view the attachment. Opening said attachment subjects the user's system to infection of the detected malware, namely JS_NEMUCOD.YYMG, which may download other malware onto the affected system.

Users are advised to always check email thoroughly before opening attachments, especially if email comes from unknown sources.

 SPAM BLOCKING DATE / TIME: March 29, 2016 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:2228