Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a scanned document for the recipient. The text in the e-mail message instructs the recipient to open the .zip attachment to view the document. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5036) may contain the following files:
Scan_01-09-2013-EUW054XT.zip
Scan-01-09-2013.exe
The Scan-01-09-2013.exe file in the Scan_01-09-2013-EUW054XT.zip attachment has a file size of 198,920 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xD7C48C9395C504799595199AD4018894
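As an added example (not Cisco's code), the following Python check shows how a mail gateway or triage script could inspect a .zip attachment for the traits described above: an executable member and a match on the published MD5. The extension list, the read cap, the function names and the in-memory sample are assumptions made for illustration; the sample is a constructed, harmless stand-in and does not match the real hash.

```python
import hashlib
import io
import zipfile

# Indicator from the alert text (MD5 of Scan-01-09-2013.exe), lower-cased.
ALERT_MD5 = "d7c48c9395c504799595199ad4018894"
# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # cap reads to limit decompression cost


def inspect_zip_attachment(data, known_md5=frozenset({ALERT_MD5})):
    """Return [(member_name, [reasons])] for suspicious members of a zip."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(None, ["not a valid zip archive"])]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            if info.filename.lower().endswith(EXECUTABLE_EXTS):
                reasons.append("executable extension")
            if info.flag_bits & 0x1:
                reasons.append("encrypted member, content not inspected")
            elif info.file_size > MAX_MEMBER_BYTES:
                reasons.append("oversized member, content not inspected")
            else:
                with archive.open(info) as fh:
                    body = fh.read(MAX_MEMBER_BYTES)
                if body[:2] == b"MZ":  # DOS/PE header magic
                    reasons.append("MZ header")
                if hashlib.md5(body).hexdigest() in known_md5:
                    reasons.append("MD5 matches known sample")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_constructed_sample():
    """Constructed, harmless stand-in for the attachment (not the real file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Scan-01-09-2013.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_zip_attachment(build_constructed_sample()):
        print(name, "->", ", ".join(reasons))
```

The extension and header checks still fire when the attachment is repacked and its hash changes, which is why the MD5 comparison is only one of the signals.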
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: IRON Sender_Franco _
Message Body:
Reply to: scanner@francomfg.com
Device Name: Not Set
Device Model: MX-2652N
Location: Not Set
File Format: PDF (Medium)
File Name: Scan_01-09-2013-EUW054XT.zip
Resolution: 200dpi x 200dpi
Attached file is scanned image in PDF format.
Adobe(R)Reader(R) can be downloaded from the following URL: http://www.adobe.com/
Source: Cisco