Fake 'payment receipt' SPAM - delivers malware
15 Mar 2017 - "... an email with the subject of 'Document:36365' coming from random companies, names and email addresses with a semi-random named zip attachment which delivers what looks like Dridex banking Trojan ... One of the emails looks like:
From: Susie <Susie@ novayaliniya .com>
Date: Wed 15/03/2017 09:35
Attached is the copy of your payment receipt.
document_3332.zip: Extracts to: file_356.js - Current Virus total detections 0/56*
MALWR** shows a download of a txt file from http ://mercurytdsconnectedvessel .com/hjg6657 which is renamed by the script to hjg6657.exe (VirusTotal 8/61***) MALWR... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
mercurytdsconnectedvessel .com: 188.8.131.52: https://www.virustotal.com/en/ip-add...2/information/