Site: customers.invoice-appmy.0rg/B4VByTbwk4/customer.php?h=Ym8ubHVuZHN0cm9tQGdlLmNvbQ0K
IP: 118.67.250.91

Exploits a Graphical exploit in Word

You can also find it here: http://www.malwaredomainlist.com/mdl.php (warning: not a site for people w/o experience with viruses).

DBD (Drive-by Download).

!!Blocked by Comodo Secure DNS!!

Ideas?

Bump for Site Analysis?

VT on the File: https://www.virustotal.com/en/file/6c654921074a82ff6f4a6309b5dfa94587efcb81cd3d8559eac3488102f51d0a/analysis/1384520557/

AVG gives malware in the last 7 days: http://www.avgthreatlabs.com/website-safety-reports/domain/invoice-appmy.org/

URLQuery: http://urlquery.net/report.php?id=7725141 (Nice screenshot of the site)

Zulu: 100% malicious http://zulu.zscaler.com/submission/show/1b404dc7e350fd4c6fb12ee85c049d4a-1383909015

Clean for Sucuri, Quttera and Google Safebrowsing.

File is an Office 1997-2003 document.

File is reported to Avast.

Screenshot of the open file is attached.

The curious case of a CVE-2012-0158 exploit
http://www.securelist.com/en/analysis/204792298/The_curious_case_of_a_CVE_2012_0158_exploit

Hi Pondus,

Those that ignored this threat can still install the MS-Fixit for the exploit: http://go.microsoft.com/?linkid=9840894 (the download link to MicrosoftFixit51004.msi) and be protected.

polonus