
Friday 1 August 2014

New York City Police "Homicide Suspect" spam using goo.gl shortener to spread malware

The bad guys are enjoying the goo.gl URL shortening service at the moment (remember, you can report goo.gl spam to goo.gl/spam-report). This spam is slightly unusual:

From:     ALERT@nyc.gov [ALERT@static-23-106-230-77.ipcom.comunitel.net]
Date:     1 August 2014 10:43
Subject:     Homicide Suspect

Bulletin Headline: HOMICIDE SUSPECT
Sending Agency: New York City Police
Sending Location: NY - New York - New York City Police
Bulletin Case#: 14-10078
Bulletin Author: BARILLAS #9075
Sending User #: 94265
APBnet Version: 287320

The bulletin is a pdf file. To download please follow the link below (Google Disk Drive service):

https://goo.gl/RwNKEA


The Adobe Reader (from Adobe.com) will display and print the bulletin best.

You can Not reply to the bulletin by clicking on the Reply button in your email software.

The link in the email is goo.gl/RwNKEA, which goes to unionlawgroup.com/wp-content/images/Documents-43632.zip, which is exactly the same payload as used in this spam.

Adding a "+" to the end of the URL reveals the click statistics.



Blocking unionlawgroup.com is probably a good idea.
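
The traits of this message (a display name posing as nyc.gov, a goo.gl link, a "pdf" that is really a .zip on unionlawgroup.com) can be checked mechanically at the mail gateway. The following is an added example, not code from the original post. The names `triage`, `domain`, `SAMPLE` and `RESOLVED` are hypothetical, and the From header layout and the `http://` scheme of the destination are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

SHORTENERS = {"goo.gl"}                  # shortener abused in this campaign
BLOCKED_DOMAINS = {"unionlawgroup.com"}  # domain the post recommends blocking
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed sample: the quoted spam rebuilt as an RFC 5322 message. The
# display-name/angle-bracket From layout is an assumption about the original.
SAMPLE = (
    'From: "ALERT@nyc.gov" <ALERT@static-23-106-230-77.ipcom.comunitel.net>\n'
    "Subject: Homicide Suspect\n"
    "\n"
    "The bulletin is a pdf file. To download please follow the link below\n"
    "\n"
    "https://goo.gl/RwNKEA\n"
)
# Destination reported in the post; the http:// scheme is assumed.
RESOLVED = {"https://goo.gl/RwNKEA":
            "http://unionlawgroup.com/wp-content/images/Documents-43632.zip"}

def domain(addr):
    return addr.rsplit("@", 1)[-1].strip().lower()

def triage(raw, resolved=None):
    """Return a list of finding tags for one raw message (hypothetical helper)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    display, sender = parseaddr(msg.get("From", ""))
    findings = []
    # Display name poses as an address in a domain the sender does not use.
    if "@" in display and domain(display) != domain(sender):
        findings.append("display-name-spoof:" + domain(display))
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            findings.append("shortener:" + host)
            # Use a destination from an offline/sandboxed resolver if known.
            url = (resolved or {}).get(url, url)
            host = (urlparse(url).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
            findings.append("blocked-domain:" + host)
        if "pdf" in body.lower() and urlparse(url).path.lower().endswith(".zip"):
            findings.append("pdf-lure-delivers-zip")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE, RESOLVED))
```

Without a resolved destination the message still trips the spoofed display name and shortener checks; the blocklist and pdf/zip mismatch only fire once the short link has been expanded by a separate, isolated resolver.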