Description
Cisco Security Intelligence Operations has detected significant activity related to German-language spam e-mail messages that claim to contain account statement information for the recipient. The text in the e-mail message attempts to persuade the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5391) may contain the following files:
Rechnung_TS_Kauferschutz_2013_2.zip
Rechnung TS Kauferschutz 2013-2.exe
The Rechnung TS Kauferschutz 2013-2.exe file in the Rechnung_TS_Kauferschutz_2013_2.zip attachment has a file size of 341,127 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x9A8EDED13C9F5227DB706AF600E2E387
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: B©_Outdoor-shop.com_GmbH_2013_Garantiekonto:_n»ï35600112
Message Body:
?»?Guten Tag,
mit dieser E-Mail erhalten Sie Ihre aktuelle RechnungOnline sowie unsere AGB als PDF-Format. Ihre Rechnung ist bereits beglichen, gesamtsumme:
117,19 EUR
Source: Cisco