Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a swift deposit notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .rar attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5549) may contain any of the following files:
Payment Copy.rar
Payment Copy.scr
The Payment Copy.scr file in the Payment Copy.rar attachment has a file size of 213,504 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x1E8523030E1F82E6D0FF57E65C7264FA
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: IRON EXE_Attachment _
Message Body:
Find attached swift copy for the deposit payment of $54,000usd made to
your account today.
Please confirm with your bank and release the original documents to our office.
Regards
Mr. Gholamreza Jomehpour
Afrodist Technology
Source: Cisco