Just got a spam from 129.205.129.98 (somewhere in Africa looks like).
Return path was my own email address (so on first glance it looked like
I sent myself an email).
Subject was simply "Document1". No message body. Attachment was
"Document1.zip".
Unzips to a 6kb .js file with a random-looking file-name (or perhaps
it's coded?).
Virus total scan result:
https://www.virustotal.com/en/file/4348030ad592f7cd3ec4691e8eccb3f916d55ea0248890f7e137e4bdb2c6c800/analysis/1458140140/
Detection rate: 9/56
Here's who got it right:
AVG JS/Downloader.Agent
Arcabit HEUR.JS.Trojan.b
Cyren JS/Nemucod.AC!Eldorado
F-Prot JS/Nemucod.AC!Eldorado
Fortinet JS/Nemucod.JW!tr.dldr
GData Script.Trojan-Downloader.Agent.OB@gen
McAfee JS/Nemucod.dx
NANO-Anti Trojan.Script.Crypoload.eazafx
Tencent Js.Trojan.Raas.Auto
Everyone else (including Malwarebytes and Kaspersky) get a big FAIL.
malwr analysis is here:
https://malwr.com/analysis/ZTFhNjdlYjIwNTNlNDdmYWFkOTkwNjljYjkxNTk0MGQ/
downloads malware from here:
winjoytechnologies.com/v4v5g45hg.exe
winjoytechnologies.com is currently 192.185.37.228
I'm also seeing references to
149.202.109.205/main.php (IP owned by OVH France)
VT scan of the above .exe file is pathetic:
https://www.virustotal.com/en/file/c001fccbb274a2e8fda7f394ed5834c7841760ccd886e07046b1de545b2c36a0/analysis/1458141615/
detection rate 2/57:
Qihoo-360 QVM07.1.Malware.Gen
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F]
malwr scan is here:
https://malwr.com/submission/status/ZGVhOWVmMWZlMzc4NGFmYWI1MTAyZDlmZWMxNTgwY2I/
Scan isn't finished - I don't know what it will show.
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
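The two traits the post describes (a Return-Path set to the recipient's own address, and a .zip attachment that unpacks to a Windows script file) are cheap to check at the mail gateway. The following is an added example, not code from the post or from any of the scanners named above; it uses only the Python standard library and triages a message constructed inline for the purpose, with a harmless placeholder .js inside the zip. The extension list and the sample addresses are assumptions for the example.

```python
import io
import os
import zipfile
import email
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Extensions that Windows Script Host / mshta run on double-click.
# Hypothetical list for this example; extend it for your environment.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}


def return_path_matches_recipient(msg) -> bool:
    """True when the envelope sender equals one of the To/Cc addresses.

    Legitimate mail to yourself exists, but combined with a script-in-zip
    attachment it is the pattern described in the post."""
    _, sender = parseaddr(msg.get("Return-Path", ""))
    if not sender:
        return False
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return any(sender.lower() == addr.lower() for _, addr in recipients)


def scripts_inside_zip(data: bytes) -> list:
    """List member names in a zip whose extension is a script type."""
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                ext = os.path.splitext(info.filename)[1].lower()
                if ext in SCRIPT_EXTENSIONS:
                    found.append(info.filename)
    except zipfile.BadZipFile:
        return []  # not a zip after all; let other checks handle it
    return found


def triage(raw: bytes) -> dict:
    """Parse one RFC 822 message and report the two indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {
        "self_spoofed": return_path_matches_recipient(msg),
        "attachments": [],
        "script_in_zip": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        report["attachments"].append(name)
        payload = part.get_payload(decode=True) or b""
        # Check by magic bytes as well as name, since names are attacker-chosen.
        if name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            report["script_in_zip"].extend(
                f"{name}:{member}" for member in scripts_inside_zip(payload)
            )
    report["suspicious"] = report["self_spoofed"] and bool(report["script_in_zip"])
    return report


def build_sample_message(spoofed: bool = True, inner_name: str = "q8x1z7.js") -> bytes:
    """Constructed test message mirroring the post: empty body, Document1.zip.

    The zip member is a one-line comment, not the real attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "// harmless placeholder constructed for this example\n")
    msg = EmailMessage()
    # Example addresses are assumptions; the post only says "my own address".
    msg["Return-Path"] = "<victim@example.com>" if spoofed else "<sender@example.org>"
    msg["From"] = "victim@example.com" if spoofed else "sender@example.org"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Document1"
    msg.set_content("")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Document1.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample_message()))
```

`triage()` returns a dictionary rather than printing, so the same function can sit behind a milter or a mailbox sweep; a real deployment would also want to look one layer deeper (nested zips, .rar, .7z) and to log the zip member names for hunting, since those random-looking file names are themselves a useful pivot.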