Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a delayed payment notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .rar attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5346) may contain any of the following files:
Swift Order.rar
Swift Order.scr
The Swift Order.scr file in the Swift Order.rar attachment has a file size of 1,630,260 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x05A2029C0AFA75D3532ACE9120B04F3A
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: RE: payment for my new order
Message Body:
Pls. in reference of the transaction made with your company last time,sir we are sorry for the payment delay pls is do to absent of the chairman M/D of the company who travels for a long time for his health and came back by Nov- Dec last year 2012,pls sorry that delay pls bear with us and thanks for your understanding,
furthermore, pls the sun of $100,000 dollars has been transfer to your acct on Friday 11th Jan 2013, for the operation table, and the money will hit your acct by Monday or Tuesday nest week.
thank for your understanding and your cooperation
Best Regard
Cee-bex inter, Ltd
Source: Cisco