From: Elouise Massey [Elouise.Massey@supertouch.com]
Date: 23 October 2014 10:52
Subject: Order Confirmation
Thank you for your order, please check and confirm.
Allied International Trading Limited
Telephone 0845 130 9922
Fax 0845 130 9933

In the sample I received, the attachment was corrupt but should have been a malicious Word document, S-CON-A248-194387.doc. The document and payload are exactly the same as the one being sent out today with this spam run (read that post for more details) and is very poorly detected, although blocking access to the following IPs and domains might help mitigate against it: