ThreatTrack Security researchers recently came across a malicious spam campaign that claims to come from Prague's White Wedding Agency and copies the look and feel of the agency's Web site (h/t Softpedia).
The e-mail invites the recipient to a wedding, stating, "You are Cordially Invited to Celebrate the Our Wedding On Tuesday march the 29 at Four O'clock Followed by a Reception."
The spam e-mail ends by asking the recipient to click on a link to "Get Full Invitation Text." If you click on the link, you'll download a ZIP file that contains an executable file disguised as a Microsoft Word document. Open the executable, and a text file, Postal-Receipt-txt, will open to distract you while the malware launches in the background.
ThreatTrack identifies both the ZIP file and the executable as Trojan.Win32.Kuluoz.b.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
"Kuluoz is capable of downloading other malicious software onto the infected system," writes ThreatTrack Security communications and research analyst Jovi Umawing. "This particular sample downloads a fake AV software, particularly WinWebSec."