Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a remittance slip attachment for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5589KVR) may contain the following files:
Remittance Slip.zip
P.O.exe
The P.O.exe file in the Remittance Slip.zip attachment has a file size of 627,200 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x52931E6AC22FA90CFA5972E4D3737FE1
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Fwd: Remittance Slip
Message Body:
This message has been digitally signed by the sender.Signed email from others allows you to verify the authenticity of a message -- that the message is from the supposed sender and that it has not been tampered with during transit. Signed mail messages are designated with the signed mail icon.Any problems with a signed message will be described in a Security Warning which may follow this one. If there are problems, you should consider that the message was tampered with or was not from the supposed sender.
Source: Cisco Systems