A new (to me) malware spam
I haven’t seen this particular malware spam before – obviously it is not the real thing :)
Note the @nyc.gov email address.
The message path is interesting – the email *apparently* originated from nyc.gov (184.108.40.206) to be picked up by 220.127.116.11 (obbh.com - India Delhi Rcom-wireless-1x-mumbai).
Interestingly, 18.104.22.168 does, apparently, host nyc.gov as well as nycppf.org - the host resolves as prtl-drprd-web.nyc.gov.
So, are we looking at forged headers or a problem affecting nyc.gov? Note how the dates are screwy – according to the headers the mail was sent from 22.214.171.124 on 3 August but wasn’t passed on by 126.96.36.199 until the 17th of August?
The attachment is definitely bad – when unzipped the contents (a single file) has a PDF icon but is actually an EXE: