A single email arrived today, with a couple of interesting attachments...
From: "Sakai Trading Inc" email@example.com
Date: Fri, 26 Dec 2014 04:40:27 +0000
Subject: Fw: 2x40ft containers New York Long Beach
Please find attached and quote for us your best price to New York Long Beach. We need to know the exact mass production time needed after paying the deposit payment and also the aprox delivery time to New York Long Beach by sea. What are your payment terms? Can you accept LC at sight or cash against
Also we need to know if we can visit your place after new year so we can take a look on the production process there.
Sakai Trading Company Inc
3300 Polo Place, Bronx, New York, 10453, USA
Attached to the above email are two files...
2x40ft containers New York Long Beach USA.doc and 2x40ft containers New York Long Beach USA.rar.
2x40ft containers New York Long Beach USA.rar contains a .pif executable in a folder:
2x40ft containers New York Long Beach USA\2x40ft containers New York Long Beach USA.pif
It is reported on VirusTotal as:
[Hash: fc6d66e5bf18b5f55aa847f08a32a25] (3/56) and contains
Malwr Report [here]
The 2x40ft containers New York Long Beach USA.doc file is reported on VirusTotal as:
[Hash: aa76b4d979ebf24437a4335a11dba98] (13/56) and contains Exploit.RTF.CVE-2012-0158
Malwr Report [here] shows that it steals information from browsers.
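Both attachments show traits a mail gateway can check before delivery: RTF content carried under a .doc name, and an archive whose member list names a .pif file. The following triage sketch is an added example, not part of the original post. The message it scans is constructed from inert placeholder bytes, and the `RISKY_EXT` list and the byte search over unencrypted archive headers are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RTF_MAGIC = b"{\\rtf"
RAR_MAGIC = b"Rar!\x1a\x07"
RISKY_EXT = (".pif", ".scr", ".exe", ".com")  # assumed list, extend as needed

def triage(raw: bytes) -> list:
    """Return (filename, finding) pairs for each suspicious attachment."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        lower = name.lower()
        if lower.endswith(RISKY_EXT):
            findings.append((name, "executable attachment"))
        # Word opens RTF regardless of extension, so check content, not name.
        if lower.endswith(".doc") and data.lstrip().startswith(RTF_MAGIC):
            findings.append((name, "RTF content under .doc name"))
        if data.startswith(RAR_MAGIC):
            # Heuristic: member names are readable unless headers are encrypted.
            for ext in RISKY_EXT:
                if ext.encode() in data.lower():
                    findings.append((name, f"archive lists a {ext} member"))
    return findings

def build_sample() -> bytes:
    """Constructed message with inert placeholder bytes, not the real samples."""
    base = "2x40ft containers New York Long Beach USA"
    msg = EmailMessage()
    msg["Subject"] = "Fw: 2x40ft containers New York Long Beach"
    msg.set_content("Please find attached")
    msg.add_attachment(b"{\\rtf1 inert placeholder}", maintype="application",
                       subtype="msword", filename=base + ".doc")
    # Not a valid archive: only the magic bytes and a member path.
    fake_rar = RAR_MAGIC + b"\x00" + (base + "\\" + base + ".pif").encode()
    msg.add_attachment(fake_rar, maintype="application",
                       subtype="octet-stream", filename=base + ".rar")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, finding in triage(build_sample()):
        print(f"{name}: {finding}")
```

A production filter would unpack the archive with a proper RAR parser instead of searching raw bytes, and would treat archives with encrypted headers as uninspectable rather than clean.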