Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an ACH Process End of Day Report notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment for details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5460) may contain the following files:
ACAS03041348044371PARA4075.zip
ACAS030413{DIGIT[8]}PARA{DIGIT[4]}.exe
The ACAS030413{DIGIT[8]}PARA{DIGIT[4]}.exe file in the ACAS03041348044371PARA4075.zip attachment has a file size of 129,536 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xDC9D57AA6068A0068E98B13B0F9A60ED
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: ACH Dept. Notification : ACH Process End of Day Report
Message Body:
Attached is a summary of Origination activity for 03/04/2013
If you need assistance please contact us via e-mail at paychexemail@paychex.com during regular business hours.
Thank you for your cooperation.
Source: Cisco