Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a fax message notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the message. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5591KVR) may contain any of the following files:
FAX_id868626313476677174524815412269.zip
FAX_id{DIGIT[30]}.exe
The FAX_id{DIGIT[30]}.exe file in the FAX_id868626313476677174524815412269.zip attachment has a file size of 97,792 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x5AA0BD3BD921EB70660AE3A4B59E470D
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: FW: Corporate eFax message - 3 pages
Message Body:
Home Contact =a href="http://www.efax.com/help/faq" target="_blank" title="This external link will open in a new window">Login=/o:p>
This account is subject to the terms listed in the eFax Customer =greement.
Source: Cisco Systems