Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an identity confirmation notification from PayPal for the recipient. The text in the e-mail message attempts to convince the recipient to open the attached form and fill in requested information. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5842) may contain the following files:
Identity_Issue-04182013.zip
Identity_Issue-04182013.exe
The Identity_Issue-04182013.exe file in the Identity_Issue-04182013.zip attachment has a file size of 134,144 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x2B84BEF87A5968EB6C33A841D60EE429
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Identity Issue #PP-996-957-350-315
Message Body:
We are writing you this email in regards to your PayPal account. In accordance with our "Terms and Conditions", article 3.2., we would like to kindly ask you to confirm your identity by completing the attached form.
Please print this form and fill in the requested information. Once you have filled out all the information on the form please send it to verification@paypal.com along with a personal identification document (identity card, driving license or international passport) and a proof of address submitted with our system ( bank account statement or utility bill )
Your case ID for this reason is PP-1PMEN5COTPY1
For your protection, we might limit your account access. We apologize for any inconvenience this may cause.
Thanks,
PayPal
CONFIDENTIALITY NOTICE:
This electronic mail transmission and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information belonging to the sender (PayPal , Inc.) that is proprietary, privileged, confidential and/or protected from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distributions of this electronic message are violations of federal law. Please notify the sender of any unintended recipients and delete the original message without making any copies. Thank You
PayPal Email ID PP92907
Source: Cisco Systems