Analysis by: Catherine Loveria

This spam campaign uses two different sets of emails, both of which pretend to be invoice emails with attachments. The emails say the attached invoices are to be paid by the recipients. However, the attachments are malware in the form of malicious MS Excel macros. Both are detected as variants of X2KM_LOCKY and X2KM_DLOADR.

Spam filtering helps block these kinds of emails. Users are advised to always enable spam filtering. Trend Micro product users are always protected from these kinds of emails.

 SPAM BLOCKING DATE / TIME: November 30, 2016 GMT-8
 TMASE INFO
  • ENGINE: 8.1
  • PATTERN: 2730