Análisis realizado por Joachim Capiral

We have observed a spam outbreak where email messages pose as a simple billing email. It uses Bill in its subject, along with random numbers and a document file as an attachment. There are no messages in the spam message body, making a curious reader eager to click and open the attachment. As with spam like this, the attachment contains a malicious macro, detected as W2KM_DLOADR.YYSWI. This macro is known to download other files, possibly malicious in nature, in the affected system.

Trend Micro product users automatically are protected from the execution of the attachment. Products where spam filtering is enabled assures that this kind of spam never reaches your inbox.

 Fecha/hora de bloqueo del spam: 17 de diciembre de 2016 GMT-8
 TMASE
  • Motor TMASE:8.1
  • Patrón TMASE: 2766