Another new week and at least two new bits of junk through in e-mail this morning.
The most interesting of which is this one which I think is similar to the previous spam runs I’ve seen.
From: GEMS@Worldpay.com
Subject: Premium Charging MI Package for Merchant 17143013
Attachment: “17143013 01.docm”*** Please do not reply to this Message *** Attached is the Management Information to support your Monthly Invoice. Should you have any queries, please refer to your usual helpdesk number.
The attachment is…
SHA256 6011af6c2682d6acc32673b68be89a42c274ea5988117cdc3a05616bc5cb6f8d
VirusTotal Report
Weirdly when I tried to open the attachment Office claimed the file was corrupt.
It seems another researcher / recipient of this junk also experienced the same.
As with the previous .docm spam runs, they were blocked at the e-mail gateway. I suggest you also block all .docm files.