Talos researchers identified a short lived spam campaign that was delivering a new variant of Dridex. This particular campaign lasted less than five hours and was successful at mutating the subject and attachments to avoid detection. The use of macro enabled word documents has exploded over the last year, a primary example payload being DrideX. Both campaigns downloaded the same file from a range of different addresses. The body of the email itself was completely blank. If a user did open the attachment they were presented with a non-legible word doc, that downloads a file via macros using a hard coded IP address.”]
Source: https://blog.talosintelligence.com/2015/04/threat-spotlight-spam-served-with-side.html