Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a purchase order payment notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the payment details. However, the .zip attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5562) may contain any of the following files:
Payment TT Copy.zip
Payment TT Copy.scr
The Payment TT Copy.scr file in the Payment TT Copy.zip attachment has a file size of 478,095 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x95220FD4C5E30554B179073B6DAC5DB1
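The indicators above (attachment names, the 478,095-byte size and the MD5) can be checked at a mail gateway or during triage. The following sketch is an added example, not Cisco's code; the function names and the list of executable extensions are assumptions, and the sample archive is constructed and harmless.

```python
import hashlib
import io
import zipfile

# Indicators taken from the alert text above.
IOC_MD5 = "95220fd4c5e30554b179073b6dac5db1"
IOC_SIZE = 478095
IOC_NAMES = {"payment tt copy.zip", "payment tt copy.scr"}
# Assumption: extensions a mail filter would treat as directly executable.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com")


def inspect_attachment(filename, data):
    """Return a list of (finding, name) tuples for one attachment's raw bytes."""
    findings = []
    if filename.lower() in IOC_NAMES:
        findings.append(("name-match", filename))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            base = info.filename.rsplit("/", 1)[-1].lower()
            if base in IOC_NAMES:
                findings.append(("name-match", info.filename))
            # endswith() also catches double extensions such as "x.pdf.scr".
            if base.endswith(EXECUTABLE_EXTS):
                findings.append(("executable-in-zip", info.filename))
            # Hash only members whose declared size equals the alert's size;
            # encrypted members cannot be read without a password and are skipped.
            if info.file_size == IOC_SIZE and not info.flag_bits & 0x1:
                digest = hashlib.md5(archive.read(info)).hexdigest()
                if digest == IOC_MD5:
                    findings.append(("md5-match", info.filename))
    return findings


def build_sample_zip(member_name, payload):
    """Constructed test input: an in-memory zip with one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip("Payment TT Copy.scr", b"harmless placeholder")
    for finding in inspect_attachment("Payment TT Copy.zip", sample):
        print(finding)
```

A file name or size match alone is weak evidence because both are trivially changed between spam runs; the executable-inside-archive finding is the one that generalizes beyond this specific sample.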
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Message Body:
Dear Sir/Madam
Please find in this email our payment details for the order our client has placed from
your company. The details and all relevant information regarding this purchase is
attached. I look forward to receiving a response from you and details of shippment of our
purchase.
Best Regards
Steve Hoane
Haribo Group of Company LTD
Source: Cisco