New Javascript malware

MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Your Amazon.co.uk order has dispatched (#583-6989419-8889556)”.

This email is send from the spoofed address “”Amazon.com” <auto-shipping@amazon.com>” and has no body content in the email. It is clear that this fake email doesn’t originate from Amazon directly.

The attached file invoice84576872.doc is a Word file with malicious macro.
The attached file ORDER-583-6989419-8889556.zip contains the file 4775327493_4421613.js.

The malware is detected as Trojan.Ransom-Locky!8.4655-fi21vws43hB (Cloud) by 3/56 AV engines at Virus Total.