Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a payment notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5583) may contain the following files:
T.T COPY.zip
T.T COPY.scr
The T.T COPY.scr file in the T.T COPY.zip attachment has a file size of 478,095 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x55A0AD64A3C563FB975C74C06E2223A5
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Message Body:
Hello,
Find attached bank swift copy of payment, please confirm and arrange for shipment soon wait to hear from you.
Regards
Chong Bee Guan
Abu Dhabi, UAE
Source: Cisco