I am seeing a new malware campaign this morning hitting UK abusing google docs. So far I can’t get the final payload, so I don’t know what it is supposed to be. I have had intermittent luck with getting the vbs file inside a zip. Sometimes I get a blank page, one time I did get the malware zip. It all starts with an email with a subject of Invoice, Order, Purchase order, Purchase data or similar, all with random numbers. The link in the email goes to a google docs page where you see what is described as a … Continue reading →