Threat Outbreak Alert: Fake HSBC Bank Transaction Notification E-mail Messages

Description

Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a payment transaction notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5655) may contain any of the the following files:

AA Aaaa.zip
TT COPY.exe


The TT COPY.exe  file in the AA Aaaa.zip attachment has a file size of 696,783 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x7753076EECD90246CF26C0011D31395E

The following text is a sample of the e-mail message that is associated with this threat outbreak:

Message Body:

Dear customer,
This email is to notify you that the following transaction has been made by our client for credit to your account.
Please find/download attachment to view payment details.HSBC Bank Building Baniyas Square,
Deira, Dubai..
Tel: Toll free 800 4423 within the UAE or + 971 4 2258097 from outside the UAE
Fax: +971 4 227 1784Know more about us on www.hsbc.ae Connect with us on Facebook at www.facebook.com/hsbc.ae
____________________________________________

Disclaimer: "The information contained herein (including any accompanying documents) is confidential and is intended solely for the addressee(s). If you have erroneously received this message, please immediately delete it and notify the sender. Also, if you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this message or any accompanying document is strictly prohibited and is unlawful. The organization is not responsible for any damage caused by a virus or alteration of the e-mail by a third party or otherwise. The contents of this message may not necessarily represent the views or policies of HSBC bank"

Source: Cisco