Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an overdue payment notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the invoices. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5354) may contain the following files:
QuickBooks_Invoice_09882891.zip
QuickBooks_Invoice_09882891.exe
The QuickBooks_Invoice_09882891.exe file in the QuickBooks_Invoice_09882891.zip attachment has a file size of 147,968 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x5C8D14A75CC0E994EF18019CC370FA83
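The following Python sketch is an added example, not part of the Cisco alert: it inspects a .zip attachment without executing anything, flags executable members by extension or by the "MZ" header, and compares each one against the file size and MD5 value given above. The function names, the extension list and the read limit are assumptions of this example, and the sample archive is a constructed, harmless stand-in, so it does not match the published checksum.

```python
import hashlib
import io
import zipfile

# Indicators from the alert text above.
IOC_MD5 = "5c8d14a75cc0e994ef18019cc370fa83"
IOC_SIZE = 147968
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")  # assumption: extensions treated as executable
MAX_MEMBER = 10 * 1024 * 1024                 # assumption: per-member read limit


def triage_zip(data: bytes) -> list:
    """Report executable members of a .zip attachment without running them."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "verdict": "unreadable-archive"}]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member: cannot be inspected
                findings.append({"name": info.filename, "verdict": "encrypted-member"})
                continue
            with archive.open(info) as member:
                body = member.read(MAX_MEMBER + 1)  # bounded read, ignores declared size
            if len(body) > MAX_MEMBER:
                findings.append({"name": info.filename, "verdict": "oversized-member"})
                continue
            # Flag by extension or by the "MZ" magic, so a renamed PE is still caught.
            if not (info.filename.lower().endswith(EXEC_EXTS) or body[:2] == b"MZ"):
                continue
            md5 = hashlib.md5(body).hexdigest()
            known = md5 == IOC_MD5 and len(body) == IOC_SIZE
            findings.append({"name": info.filename, "size": len(body), "md5": md5,
                             "verdict": "ioc-match" if known else "executable-in-archive"})
    return findings


def build_sample_zip() -> bytes:
    """Constructed, harmless stand-in for the attachment (not the real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("QuickBooks_Invoice_09882891.exe", b"MZ" + b"\x00" * 62)
        z.writestr("statement.pdf", b"MZ" + b"\x00" * 62)  # PE magic behind a document name
        z.writestr("readme.txt", b"see attached invoice")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

An "executable-in-archive" verdict is worth acting on even without a checksum match, because a repacked or modified executable would have a different MD5 value.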
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Please respond - overdue payment
Message Body:
Please find attached your invoices for the past months. Remit the payment by 02/25/2013 as outlines under our "Payment Terms" agreement.
Thank you for your business,
Sincerely,
Junior Lozano
This e-mail has been sent from an automated system. PLEASE DO NOT REPLY.
The information contained in this message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify your representative immediately and delete this message from your computer. Thank you.
Source: Cisco