The malicious email itself is a copy and paste of a legitimate email from Blackberry. And though the attachment indeed raises suspicion, there's no malicious or compromised URL in it. 17/36 AV engines identify the malware in VirusTotal.
ThreatScope analysis, which is a part of the Websense CSI service, reports that running the attachment drops other executable files and modifies the system registry to automatically start these malware programs when the system starts.
Author: Mary Grace Timcang, Websense.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.