Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a deposit transfer confirmation notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5737) may contain any of the following files:
Confirm Swift Copy.zip
Confirm Swift Copy.scr
The Confirm Swift Copy.scr file in the Confirm Swift Copy.zip attachment has a file size of 217,600 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xC521F981B26E3ACA4E8B03CDEB863D63
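The indicators above can be applied at the mail gateway or in triage. The following is an added example, not Cisco's own detection logic: it opens a .zip attachment in memory, flags any member with an executable extension (a .scr is a PE executable), and compares each member's name, size and MD5 against the values quoted in this advisory. The archive it inspects is constructed with dummy bytes, so only the name and extension checks fire; a real sample would also match the size and hash.

```python
import hashlib
import io
import zipfile
from typing import Dict, List

# Indicators quoted from the advisory (RuleID 5737); hash written without the 0x prefix.
KNOWN_NAME = "Confirm Swift Copy.scr"
KNOWN_SIZE = 217600
KNOWN_MD5 = "c521f981b26e3aca4e8b03cdeb863d63"
# Screensaver files are ordinary PE executables; treat them like .exe.
EXEC_SUFFIXES = (".scr", ".exe", ".pif", ".com")


def inspect_zip_attachment(data: bytes) -> List[Dict]:
    """Return one finding per archive member that looks executable or matches an indicator."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            content = zf.read(info)
            md5 = hashlib.md5(content).hexdigest()
            reasons = []
            if info.filename.lower().endswith(EXEC_SUFFIXES):
                reasons.append("executable extension inside archive")
            if info.filename == KNOWN_NAME:
                reasons.append("filename matches advisory")
            if info.file_size == KNOWN_SIZE:
                reasons.append("size matches advisory")
            if md5 == KNOWN_MD5:
                reasons.append("MD5 matches advisory")
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size,
                                 "md5": md5, "reasons": reasons})
    return findings


def build_sample_zip(member_name: str, payload: bytes) -> bytes:
    """Constructed test archive (not the real attachment): one member holding dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(KNOWN_NAME, b"MZ" + b"\x00" * 64)  # fake PE header, constructed
    for finding in inspect_zip_attachment(sample):
        print(finding)
```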
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Re: Please Correct your Bank Swift
Message Body:
Dear,
How are you today?
Please confirm details to enable me to finalize the deposit
transfer today. Kindly see Attached documents to find our TT copy
but please correct your Bank swift on the form and send by email
attachment so that i can finalize the Wire Transfer today as
requested by my colleague.I await your urgent confirmation.
Thanks and hope to hear from you soon
Huang Xue Ting
Source: Cisco