Analysis by: Cedrick Ramos

An email poses as a customer statement for a payment that is due. The sender asks the recipient to send a payment to settle a December invoice. Once the user opens the attached document, a malicious macro is executed. The malicious macro is detected as W2KM_DRIDEX.YYSQQ.

DRIDEX malware is known to use spam to spread to a number of users. For your protection, make sure that you have email filtering software enabled. In addition, do not open email attachments that are not from known or expected senders.

 SPAM BLOCKING DATE / TIME: January 22, 2016 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:2082