Another day and another Word doc "invoice" containing a macro which, if run, will start downloading
malware from various servers around the globe.
The current run uses a forged "UK Fuels" template:
Subject: UK Fuels E-bill
Customer No : 35056
Email address : email@example.com
Attached file name : 35056_49_2014.doc
Please find attached your invoice for Week 49 2014.
In order to open the attached DOC file you will need
the software Microsoft Office Word.
If you have any queries regarding your e-bill you can contact us at firstname.lastname@example.org.
UK Fuels Ltd
The 35056_49_2014.doc seems to have two variants at the moment, currently detected [0/56] at VirusTotal:
Currently 0-hour detected as: Sanesecurity.Malware.24631.XlsHeur.UNOFFICIAL