When content like a script is packaged as a Packager Shell Object, it can be opened and executed from within the Microsoft Office file in which it is embedded,' says Kevin Epstein, VP of the threat operations center at Proofpoint.
However, unlike most phishing emails containing malicious attachments, which use macros to avoid detection, this one uses an embedded object in the form of a Visual Basic Script that acts as a downloader for the malware.
Like many phishing threats, the email contains an attachment in the form of a Microsoft Word document, designed to deliver the payload. Hotels that offer business centers, equipped with PCs and other office machinery, are being targeted by hackers, the US Secret Service warns. US Secret Service warns of keyloggers on public hotel computers
