BREPIBOT: Making the rounds through Social Engineering

We receive a number of emails through our honeypot that pretend to come from F-Secure. They predominantly use a spoofed sender address, “David Adams”, which ties the supposed sender to the above-mentioned antivirus company.


Aside from spoofing the sender’s address, the malware uses social engineering, as seen in the contents of the message. Its somewhat convincing message body convinces the recipient of the email to open and execute the attachment.


Please see the advisories for the details about the incident.