Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a school admissions notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view some school credentials. However, the .zip attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5388 and RuleID5388KVR) may contain the following files:
Credentials.zip
credential.scr
The credential.scr file in the Credentials.zip attachment has a file size of 970,752 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x387F6525B89A98037C2C9D1959110680
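The file names and MD5 value above can be checked at a mail gateway or during triage. The following is an added example, not Cisco's code: it inspects a .zip attachment for directly executable members such as .scr files and compares each member's MD5 with the value from this alert. The function names, the extension list and the size cap are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

# Indicator from the alert text (the page prints it with a 0x prefix).
ADVISORY_MD5 = "387f6525b89a98037c2c9d1959110680"
# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumption: hashing cap against zip bombs


def scan_zip_attachment(data, known_md5=ADVISORY_MD5):
    """Return a list of (member_name, reasons) for suspicious archive members."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<attachment>", ["not-a-valid-zip"])]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            # Windows ignores trailing dots and spaces in file names.
            name = info.filename.lower().rstrip(". ")
            if name.endswith(EXECUTABLE_EXTS):
                reasons.append("executable-extension")
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be hashed here.
                reasons.append("encrypted-unscannable")
            elif info.file_size > MAX_MEMBER_BYTES:
                reasons.append("too-large-to-hash")
            else:
                digest = hashlib.md5()
                with archive.open(info) as member:
                    for chunk in iter(lambda: member.read(65536), b""):
                        digest.update(chunk)
                if digest.hexdigest() == known_md5.lower():
                    reasons.append("md5-matches-advisory")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip(members):
    """Constructed test input: an in-memory zip built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

The extension check flags an executable member even when its hash differs from the one in this alert, which matters because a repacked file would no longer match the MD5.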
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: My daughter’s credentials
Message Body:
Attention: To whom it may concern
I am Susan Robinson and I would like to apply for my daughter's admission in your school and my daughter's name is Clara.
I have great respect for your schools fine reputation and think highly of the school's many facilities. I believe your school can provide a good environment in which she can study, and can effectively equip her for the challenges of her future.
Find attached some of her school credentials. I hope to receive all that will be required for her admission into your school.
Sincerely
Susan Robinson
Phone: 15179360116
Source: Cisco