Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an overdue payment notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the payroll reports for past months. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5409) may contain the following files:
Payroll_Reports_27-02-2013.zip
Payroll_Reports_27-02-2013.exe
The Payroll_Reports_27-02-2013.exe file in the Payroll_Reports_27-02-2013.zip attachment has a file size of 126,464 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x7AE2A20D310199293B2E0E9D461EBFB0
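The following added example (not part of the Cisco alert, and not Cisco code) shows one way a mail gateway or triage script could check .zip attachments against the indicators above. It goes slightly beyond the alert by also flagging any executable inside an archive when the hash does not match. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import email
import hashlib
import io
import zipfile
from email.message import EmailMessage

# Indicators copied from the alert text above.
IOC_MD5 = "7ae2a20d310199293b2e0e9d461ebfb0"
IOC_SIZE = 126464
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")  # assumption: extensions worth flagging


def scan_message(raw_bytes):
    """Return (attachment, member, verdict) for each finding in an RFC 822 message."""
    findings = []
    msg = email.message_from_bytes(raw_bytes)
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            archive = zipfile.ZipFile(io.BytesIO(payload))
        except zipfile.BadZipFile:
            # A .zip that cannot be parsed deserves analyst attention too.
            findings.append((name, None, "unreadable-archive"))
            continue
        for info in archive.infolist():
            if not info.filename.lower().endswith(EXECUTABLE_EXTS):
                continue
            data = archive.read(info)
            exact = (hashlib.md5(data).hexdigest() == IOC_MD5
                     and len(data) == IOC_SIZE)
            verdict = "ioc-match" if exact else "executable-in-archive"
            findings.append((name, info.filename, verdict))
    return findings


def build_sample(member_name, member_data):
    """Constructed test message: a zip attachment holding one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_data)
    msg = EmailMessage()
    msg["Subject"] = "Payment Overdue - Please respond"
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Payroll_Reports_27-02-2013.zip")
    return msg.as_bytes()
```

The exact-hash verdict only catches this one sample; the broader "executable-in-archive" verdict is what still fires when the sender repacks or renames the payload.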
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Payment Overdue - Please respond
Message Body:
Please find attached payroll reports for the past months. Remit the new payment by 03/03/2013 as outlines under our payment agreement.
Sincerely,
Dianne Evans
This e-mail has been sent from an automated system. PLEASE DO NOT REPLY.
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
Source: Cisco