Today’s first example of malware received overnight is a slightly less usual delivery method for Lokibot. The email is a common lure pretending to be a quote / Inquiry request and is nothing special. The subject is “Re: Inquiry / Quotes” coming from “Purchase_dept <mmail@wctv.tinp.net.tw>” , it has a malicious word doc attachment delivering Lokibot. What is slightly different to usual is the word doc. This is actually a RTF file renamed to doc. It contains the malware file embedded in it as an ole object, along with an innocent word doc displaying a few words of text. Both of … Continue reading →