Hi,
I have been reading the forum, and I cannot find some reference to a new type of viruses that is spreading by email in Argentina.
The users receive a spoofed mail with real data (name, subject, and sign). This mails are sent using smtp servers different to the original domain name.
The mail claims to user to open an DOC / DOCX attached, called "Factura.docx" or variants, and relies in the user curiosity to open.
I have attached a sample, (please rename to DOC, due to forum cannot allow post of doc files)
and here is the virustotal detection:
https://www.virustotal.com/#/file/5df2004a2013e136c42770dec6a6a128819ffa86d35ec811aca59ecf8d935b9e/community I have subitted this sample too, to Avast viruslab - but I have received a confirmation as "False positive report".
This appears to be affecting only users in Argentina.
Waiting for your comments.