Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an account password reset notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5454) may contain the following files:
Optus-Forgotten-Password-Assistance.zip
Optus-Forgotten-Password-Assistance.pdf.exe
The Optus-Forgotten-Password-Assistance.pdf.exe file in the Optus-Forgotten-Password-Assistance.zip attachment has a file size of 42,343 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xE68DC9CFC085AC06ACC23F89F5165683
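A mail gateway or triage script can check a .zip attachment for both indicators described above: a document extension followed by an executable extension, and the published MD5. The following Python is an added example, not Cisco's code; the function names, extension lists and size cap are assumptions, and the sample archive is constructed with placeholder bytes.

```python
import hashlib
import io
import zipfile

# MD5 published in this alert, normalised to lowercase hex without the 0x prefix.
KNOWN_MD5 = {"e68dc9cfc085ac06acc23f89f5165683"}
# Assumptions for illustration: extension lists and the per-member size cap.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "jpg", "txt"}
MAX_MEMBER_BYTES = 10 * 1024 * 1024

def inspect_zip_attachment(data):
    """Return findings for members with a decoy.executable name or a known MD5."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Use only the file name, ignoring any directory path in the archive.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            parts = base.lower().rstrip(". ").split(".")
            double_ext = (len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS
                          and parts[-2] in DECOY_EXTS)
            digest = None
            if info.file_size <= MAX_MEMBER_BYTES:  # do not inflate oversized members
                digest = hashlib.md5(zf.read(info)).hexdigest()
            md5_match = digest in KNOWN_MD5
            if double_ext or md5_match:
                findings.append({"name": base, "size": info.file_size,
                                 "md5": digest, "double_extension": double_ext,
                                 "md5_match": md5_match})
    return findings

def build_sample():
    """Constructed archive: placeholder bytes under the alert's file name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Optus-Forgotten-Password-Assistance.pdf.exe",
                    b"constructed placeholder, not the real sample")
        zf.writestr("readme.txt", b"benign constructed member")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample()):
        print(finding)
```

The name check catches renamed or repacked variants whose hash no longer matches, while the MD5 check catches the exact file under a different name. Password-protected members make `zf.read` raise `RuntimeError` and should be handled as suspicious by the caller.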
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Optus.com.au Password assistance
Message Body:
Forgotten Password
This email was sent automatically by Optus in response to your request to reset your password.
Please refer to attached file to log in using your temporary password.
PROTECT YOUR PASSWORD.
NEVER give your password to anyone, including Optus employees.
Thank you,
Optus
Source: Cisco