Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an online tax refund submission notification for the recipient. The text in the e-mail message attempts to persuade the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5813) may contain the following files:
VAT Returns Repot 534702975.zip
VAT Returns Repot {_hmrcref}.exe
The VAT Returns Repot {_hmrcref}.exe file size in the VAT Returns Repot 534702975.zip attachment is unavailable. The MD5 checksum is also unavailable.
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Successful Receipt of Online Submission for Reference 534702975
Message Body:
Thank you for sending your VAT Return online. The submission for reference 534702975 was successfully received on 2013-04-15 T11:31:21 and is being processed. Make VAT Returns is just one of the many online services we offer that can save you time and paperwork.
For the latest information on your VAT Return please open attached report.
The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Cable&Wireless Worldwide in partnership with MessageLabs. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
Source: Cisco Systems