Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a secure message notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the message. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5651) may contain any of the following files:
SecureMessage.zip
SecureMessage.exe
The SecureMessage.exe file in the SecureMessage.zip attachment has a file size of 192,512 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x0EE2A70A0BB542FEA1F392211C29D37
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Fwd: You have received a secure message
Message Body:
The Royal Bank of Scotland - Secure Message
*******************************************************************
You have received a secure messageRead your secure message by opening the attachment, SecureMessage.zip. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it with Adobe Reader.If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the RBS Secure Email Help Desk at 0845 301 5748.First time users - will need to register after opening the attachment.
About Email Encryption - http://www.rbs.co.uk/staying-safe-online/email-encryption.ashx
*******************************************************************
The contents of this E-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or Integra Services UK LTD or it's affiliates. Any views or opinion presented in this email are solely those of the author and may not necessarily reflect the opinion of RBS ( The Royal Bank of Scotland ) or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and/or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this E-mail in error please delete it and notify the sender immediately.
Source: Cisco Systems