Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a secure message notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the message. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5657) may contain the following files:
Key_Secure_Message.exe
Key_Mickey_Langford.zip
The Key_Secure_Message.exe file in the Key_Mickey_Langford.zip attachment has a file size of 100,864 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xBAC6B8BFB5008E5D9AF61A8A004DB53D
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Key Secured Message
Message Body:
You have received a Secured Message from:
Kennith_Smith@key.com
The attached file contains the encrypted message that you have received.
To decrypt the message use the following password - T7wrAder
To read the encrypted message, complete the following steps:
- Double-click the encrypted message file attachment to download the file to your computer.
- Select whether to open the file or save it to your hard drive. Opening the file displays the attachment in a new browser window.
- The message is password-protected, enter your password to open it.
This e-mail and any attachments are confidential and intended solely for the addressee and may also be privileged or exempt from
disclosure under applicable law. If you are not the addressee, or have received this e-mail in error, please notify the sender
immediately, delete it from your system and do not copy, disclose or otherwise act upon any part of this e-mail or its attachments.
If you have concerns about the validity of this message, please contact the sender directly. For questions about Key's e-mail encryption service, please contact technical support at 888.764.1779.Copyright © 2013 KeyCorp®. All Rights Reserved
Source: Cisco