Japanese corporations targeted with active malware spam campaign
released on 2015-10-09 @ 05:10:43 PM
Since the early hours of October 8, employees of various corporations in Japan have been receiving suspicious-looking emails that turned out to carry malicious attachments. These emails are part of a wave of malware-ridden spam attacks that are currently active in Japan. There are two variations of the emails: one is an order confirmation from a Japanese equipment supplier and the other pretends to come from a local printing company.
The emails come with an attached Microsoft Word document. The document contains a malicious macro, which attempts to download the same executable file (65g3f4.exe) from multiple remote locations. The use of multiple download locations is probably a redundancy measure in case some sources are taken down. We have observed download attempts from the following domains: