Malware distributed in Office documents

---

Malware distributors currently use malicious Word and Excel files, attempting to bypass scanners. The malware is send in ZIP files attached to spam. The spam message claims that the attachment is an announcement for transfer of a large amount of money from their account.

 

The Office file contains a macro which drops "whlp32.exe" into the user profile. In turn "whlp32.exe" tries to download further malware.

 

The malicious spam messages are recognized by ASTPS.

 

---