From: El UniversalThis translates roughly as:
Date: 16 December 2014 at 09:06
Subject: Localizan a los 43 estudiantes desaparecidos en Ayotzinapa.
Localizan a los 43 estudiantes desaparecidos en Ayotzinapa.
Hoy 16 de diciembre del 2014 por la madrugada, agentes de la Policía Ministerial de Guerrero
han localizado con vida a los 43 estudiantes, desaparecidos el dia 26 de septiembre del 2014.
Para ver imágenes exclusivas del reencuentro de los estudiantes con sus familias, y las condiciones en que
vivieron durante su secuestro, anexamos un documento en este correo electrónico en formato Microsoft Word.
El Universal © todos los Derechos Reservados 2014.
Located at 43 students missing in Ayotzinapa.This email relates to the kidnapping and possible murder of 43 Mexican students which has been blamed by some on the Mexican Police.
Today December 16, 2014 at dawn, agents of the Ministerial Police Guerrero
have been located alive at 43 students, missing the day September 26, 2014.
To view exclusive footage of the reunion of students and their families, and the conditions under which
They lived during his abduction, we attach a document to this email in Microsoft Word format.
The Universal © All Rights Reserved 2014.
The Word document contains a malicious macro, and detailed instructions for the victim on how to disable the inbuilt security to enable it to run.
Once this has been done, the malicious macro [pastebin] runs. This attempts to download a file from:
At the moment, this download location is coming up with a 404 error. If the download were to work, it would save the file as %TEMP%\ test00010.exe. The Word document has a moderate detection rate of 10/54.
This type of malicious spam has been around for a long time, and this particular technique seems to be exclusively in Spanish, I have never seen this attack in English or any other language.