A malicious spam campaign that s been doling out zipped Javascript (.js) files all year remains an issue, the SANS Internet Storm Center warns. Once victims receive the spam emails, open the attachments, and run the.js files, they open themselves up to a slew of different types of malware, including Corebot, Kovter, and Miuref. The spam comes disguised as plaintext emails from American Airlines, FedEx, the IRS, and other phony sources.
Source: https://threatpost.com/spam-campaign-continuing-to-serve-up-malicious-js-files/114690/