I've received more of these spams with zip-compressed .js files. Got
one just today:
https://www.virustotal.com/en/file/de51212777a6f578c07723458a40238433ff21b88c1f3f45ba0ca4abda999b9e/analysis/1442838172/
Detection score 8 / 57 (submitted 5 hours after it showed up in my
mailbox).
Kaspersky (and many others) still fails early detection.
Here is a description of this campaign and infector:
http://phishme.com/a-peek-inside-an-affiliates-malspam-operation-kovter-and-miurefboaxxe-infections/#
What I don't get is that the .JS file being distributed is still failing
to execute on the win-98 script host. I was thinking that perhaps this
exploit was trying to leverage some "new" or known vulnerability in some
newer (NT-based) scripting host engine, but I can find no mention of any
such phenomenon.
So it seems that there is some sort of structural / functional
difference between the scripting host of win-98 vs NT that is necessary
to enable this exploit .js code to function, and hence win-9x systems
are not affected.
Another "if it works, it's not complicated enough" moment brought to you
by Micro$haft.
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
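Since signature-based AV was still missing this sample hours after delivery (8/57), the practical defence is a structural rule at the mail gateway: treat any zip attachment that contains a Windows Script Host file as hostile regardless of what the script does. The triage routine below is an added example written for this thread, not code from the post or from the PhishMe write-up. It works on the raw attachment bytes, records the SHA-256 of each member (the same hash VirusTotal keys its reports on), and flags script extensions and "document.ext.js" double extensions. The extension list and the sample archive are constructed assumptions for the demo, not artifacts of the Kovter/Miuref campaign.

```python
import hashlib
import io
import zipfile

# Extensions that wscript.exe/cscript.exe will run on double-click.
# Assumption for this example; extend to taste for your own gateway.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256, the identifier VirusTotal uses in its report URLs."""
    return hashlib.sha256(data).hexdigest()


def _extension(name: str) -> str:
    """Lower-cased final extension of a member name, or '' if it has none."""
    base = name.rsplit("/", 1)[-1]
    return "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""


def triage_zip(zip_bytes: bytes) -> list[dict]:
    """Return one record per archive member.

    Runs entirely in memory so it can be called on an attachment before the
    message is delivered; nothing is written to disk or executed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            ext = _extension(info.filename)
            is_script = ext in SCRIPT_EXTENSIONS
            findings.append({
                "name": info.filename,
                "size": len(data),
                "sha256": sha256_hex(data),
                "suspicious": is_script,
                # "invoice.pdf.js" style: a lure extension hiding a script.
                "double_ext": is_script and info.filename.rsplit("/", 1)[-1].count(".") >= 2,
            })
    return findings


def should_quarantine(zip_bytes: bytes) -> bool:
    """Policy decision: any WSH-executable member means the zip is held."""
    return any(f["suspicious"] for f in triage_zip(zip_bytes))


def build_sample_zip() -> bytes:
    """Constructed test input: a harmless WScript one-liner next to a text file.

    This is NOT the malicious sample from the post; it only exercises the rule.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice_0921.pdf.js", "WScript.Echo('sample');")
        zf.writestr("readme.txt", "nothing here")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for rec in triage_zip(sample):
        print(rec)
    print("quarantine:", should_quarantine(sample))
```

The point of keying on the member extension rather than on content is that a downloader script can be re-obfuscated per recipient, but it still has to carry an extension the script host will run, so the rule survives the evasion that defeated the 49 engines that missed this file.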