Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain multiple messages for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the message. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5436) may contain any of the following files:
Products_PO.zip
Products_PO.exe
The Products_PO.exe file in the Products_PO.zip attachment has a file size of 573,206 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x925FC6C6530B1EBE2D6DCE266D208289
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: 10 messages. 3/3/2013 12:01:45 AM
Source: Cisco