Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a new digital certificate from the Bank of America CashPro Online Security Team for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment for instructions on the installation process. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5342) may contain the following files:
cashpro_digital_cert_0115793115810218904.zip
cashpro_digital_cert_{DIGIT[19]}.exe
The cashpro_digital_cert_{DIGIT[19]}.exe file in the cashpro_digital_cert_0115793115810218904.zip attachment has a file size of 139,264 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xD89E680D6E9FEE363B27E6479A4DFFD3
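The indicators above can be checked against a quarantined .zip attachment without extracting it to disk. The following is an added example, not part of the Cisco alert. It assumes {DIGIT[19]} means exactly 19 decimal digits; the function names triage_zip and build_sample_zip are hypothetical, and the sample archive is constructed from zero-filled members.

```python
import hashlib
import io
import re
import zipfile

# Indicators taken from the alert text; {DIGIT[19]} is read as 19 digits (assumption).
EXE_NAME = re.compile(r"cashpro_digital_cert_\d{19}\.exe", re.IGNORECASE)
EXE_SIZE = 139264
EXE_MD5 = "d89e680d6e9fee363b27e6479a4dffd3"
MAX_READ = 1024 * 1024  # never decompress more than 1 MiB per member


def triage_zip(zip_bytes):
    """Return one finding per archive member whose name matches the alert's pattern."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            # Compare the base name only, so a member stored under a folder still matches.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            if not EXE_NAME.fullmatch(base):
                continue
            finding = {"member": info.filename, "name_match": True,
                       "size_match": info.file_size == EXE_SIZE, "md5_match": False}
            # Hash only when the declared size matches; the capped read keeps a
            # forged size header from forcing a large decompression.
            if finding["size_match"]:
                with archive.open(info) as fh:
                    data = fh.read(MAX_READ)
                finding["md5_match"] = (len(data) == EXE_SIZE
                                        and hashlib.md5(data).hexdigest() == EXE_MD5)
            findings.append(finding)
    return findings


def build_sample_zip():
    """Constructed, harmless test archive: zero-filled members, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("cashpro_digital_cert_0115793115810218904.exe", b"\x00" * EXE_SIZE)
        archive.writestr("cashpro_digital_cert_123.exe", b"\x00" * 10)  # too few digits
        archive.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

A name and size match without an MD5 match is still worth escalating, since a repacked variant would change the hash while keeping the lure filename.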
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Your CashPro Online Digital Certificate
Message Body:
Dear CashPro Customer,
This email is being sent to inform you that you have been granted a new digital certificate for use with Bank of America CashPro® Online.
Please open the attachment and you will be guided through a simple process to install your new digital certificate.
If you have any questions or concerns, please contact the Bank of America technical help desk.
Thank you for your business,
Bank of America
CashPro Online Security Team
Please do not reply to this email .
©Copyright 2013 Bank of America Merrill Lynch. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.
Source: Cisco