“Premium Charging MI Package for Merchant 17143013” docm virus spam.

Another new week and at least two new bits of junk through in e-mail this morning.
The most interesting of which is this one which I think is similar to the previous spam runs I’ve seen.

From: GEMS@Worldpay.com
Subject: Premium Charging MI Package for Merchant 17143013
Attachment: “17143013 01.docm”

*** Please do not reply to this Message *** Attached is the Management Information to support your Monthly Invoice. Should you have any queries, please refer to your usual helpdesk number.

The attachment is…
SHA256 6011af6c2682d6acc32673b68be89a42c274ea5988117cdc3a05616bc5cb6f8d
VirusTotal Report

Weirdly when I tried to open the attachment Office claimed the file was corrupt.
It seems another researcher / recipient of this junk also experienced the same.

As with the previous .docm spam runs, they were blocked at the e-mail gateway. I suggest you also block all .docm files.

This entry was posted in Uncategorized. Bookmark the permalink.

Comment on this topic

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s