Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a payment notification from American Express for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment to view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5849) may contain the following files:
CD0199381.656585981202.zip
CD0199381-04192013.exe
The CD0199381-04192013.exe file in the CD0199381.656585981202.zip attachment has a file size of 134,656 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xB10393BE747143F3B4622E9E5277FFCE
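The following check is an added example, not part of the Cisco alert: it inspects a .zip attachment at a mail gateway or during triage, flags executable members, and compares each against the file name, size, and MD5 given above. The extension list, the hashing size limit, and the function names are assumptions, and the sample archive is constructed from harmless placeholder bytes.

```python
import hashlib
import io
import zipfile

# Indicators copied from the alert text above.
IOC_MD5 = "b10393be747143f3b4622e9e5277ffce"
IOC_SIZE = 134656
IOC_NAME = "cd0199381-04192013.exe"
# Assumptions (not from the alert): extension list and hashing size limit.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")
MAX_HASH_BYTES = 32 * 1024 * 1024

def inspect_zip_attachment(data):
    """Return one finding per executable member of a .zip attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reason": "unreadable-archive"}]
    findings = []
    with archive:
        for info in archive.infolist():
            base = info.filename.rsplit("/", 1)[-1].lower()
            if info.is_dir() or not base.endswith(EXECUTABLE_EXTS):
                continue
            finding = {"name": info.filename, "reason": "executable-in-zip",
                       "name_match": base == IOC_NAME,
                       "size_match": info.file_size == IOC_SIZE,
                       "md5_match": False}
            if info.flag_bits & 0x1:
                # Encrypted member: cannot be hashed without the password.
                finding["reason"] = "encrypted-executable-in-zip"
            elif info.file_size <= MAX_HASH_BYTES:
                with archive.open(info) as member:
                    body = member.read(MAX_HASH_BYTES)
                digest = hashlib.md5(body, usedforsecurity=False).hexdigest()
                finding["md5_match"] = digest == IOC_MD5
            findings.append(finding)
    return findings

def build_sample_zip(member_name, payload):
    """Constructed test input: a harmless in-memory zip, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_zip("CD0199381-04192013.exe", b"constructed placeholder bytes")
    for f in inspect_zip_attachment(sample):
        print(f)
```

An executable inside a .zip is reported even when the hash does not match, since a repacked variant would carry a different MD5 while keeping the same delivery pattern.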
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: PAYVE - Remit file
Message Body:
A payment(s) to your company has been processed through the American Express Payment Network.
The remittance details for the payment(s) are attached (CD0199381.656585981202.zip).
- The remittance file contains invoice information passed by your buyer. Please contact your buyer
for additional information not available in the file.
- The funds associated with this payment will be deposited into your bank account according to the
terms of your American Express merchant agreement and may be combined with other American Express deposits.
For additional information about Deposits, Fees, or your American Express merchant agreement:
Contact American Express Merchant Services at 1-800-528-3672 Monday to Friday, 8:00 AM to 8:00 PM ET.
- You can also view PAYVE payment and invoice level details using My Merchant Account/Online Merchant Services.
If you are not enrolled in My Merchant Account/OMS, you can do so at www.americanexpress.com/mymerchantaccount
or call us at 1-866-220-6230, Monday - Friday between 9:00 AM-7:30 PM ET, and we'll be glad to help you.
For quick and easy enrollment, please have your American Express Merchant Number, bank account ABA (routing number)
and DDA (account number) on hand.
This customer service e-mail was sent to you by American Express. You may receive customer service e-mails even if you have unsubscribed from marketing e-mails from American Express.
Copyright 2013 American Express Company. All rights reserved Contact Customer Service: https://www.americanexpress.com/messagecenter
******************************************************************************
"This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you."
******************************************************************************
Source: Cisco Systems