Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a business proposal for the recipient. The text in the e-mail message attempts to persuade the recipient to open the attachment and view the details. However, the .rar attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5358) may contain the following files:
agreedoc.rar
image.scr
The image.scr file in the agreedoc.rar attachment has a file size of 1,404,928 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x24C89C029DB41B8FB684860BB2F8270E
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Fwd: Business Proposal/Agreement Doc
Message Body:
Sent from my iPad
Begin forwarded message:
> From: Carissa Mullins
> Date: February 21, 2013 2:32:57 PM MST
> To: undisclosed-recipients:;
> Subject: Business Proposal/Agreement Doc
>
> Please find attached document and acknowledge
>
> Regards
> Ms Carissa Mullins
> (Business Development SHELL GROUP OF COMPANY)
Source: Cisco