Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a bank transfer request notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .pif file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5444) may contain the following files:
Transfer.zip
beau.pif
The beau.pif file in the Transfer.zip attachment has a file size of 543,509 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xE0001998BD4811A65E9391D2B8DA1B86
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Re: transfer alert
Message Body:
We are presently reviewing a request to transfer the amount of $9,860 from your account. Go through the attached document and respond as soon as possible.
Bank Transfer Department.
Source: Cisco