New Malware warning

Not sure if this is trhe right place to post a new malware that comes disguised in a word documet.
The document has macro for phishing.
These land in my junk mail folder anyway, just delete.

The IP trace on another web sight say’s it comes from these places

Can I use CIS to block specific IP, or is it best to block from Modem/Router settings ?


These server addresses may change. It is better to block macros in Word. That way even if you or another person would open the attachment the malware cannot start.

OVer the past months a lot of malware that came by mail was using Javascript (.js) and sometimes Visual Basic Scripts (.vbs) or Windows Script File (.wsf). To protect yourself in case you or somebody else got tricked into opening such files is to make Notepad the default program to open , .js, .vbs and .wsf files.

Go to Control Panel → Default Programs → Associate a file type or protocol with a specific program. Then look up the three file types one by one. Select one file type and push the Change program button (towards the upper right corner). Do this for all file types.

Thanks Eric,
I’ll just delete after reading what ransom-ware is

Read up a bit on this ransom-ware payload,
Would not risk opening these file attachments even if curious to view the code withing the attachments.
Once infected and your files are encrypted, then they seek payment in bitcoin to have the decryption key sent.

I get those emails with the script files in a zip archive. I unpack them to a designated folder and submit the malware to CIMA or may also sometimes check the file at Virus Total. I do that on my ‘production machine’.

If people stay cautious with believing emails and have the script files opened by Notepad and macros disabled in Word a lot of current malware will not get a foot ashore.