Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain contract information for the recipient. The text in the e-mail message attempts to persuade the recipient to open the attachment and view the details. However, the .rar attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5053) may contain the following files:
CONTRACT.rar
dude6.exe
The dude6.exe file in the CONTRACT.rar attachment has a file size of 161,200 bytes. The MD5 checksum, which serves as a fingerprint of the executable, is the following string: 0xBBBA4ED2760A781F9CFEB733EC1808C8
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: CONTRACT.
Message Body:
SGWORLD DVPN LIMITED
ADDRESS: RICHTER, HYDE RD, GORTON,
MANCHESTER, LANC, M187HT, UNITED KINGDOM
EMAIL: xxx@europe.com
PHONE: +448719748804, +448719748798
FAX: 448719748800
AMERICA
234 OAKLAND AVE. SAN JOSE CALIFORNIA
95106, UNITED STATES OF AMERICA
PHONE:+1-514-1770657
FAX :+1-514-0992430
AUSTRALIA
Blk 124 #10-52 Tampines Street
21, MELBOURNE AU
PHONE:+6184610036
FAX:+6184377001
Source: Cisco
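
The indicators in this alert (subject line, attachment name, payload name, size and MD5) can be turned into a triage check for quarantined mail and for files unpacked from the archive. The Python below is an added example, not Cisco's code; the function names and sample messages are constructed, and it assumes the archive was unpacked in a sandbox, since the standard library cannot read RAR.

```python
import hashlib
from email import message_from_string

# Indicators taken from the alert text; all function names are illustrative.
IOC_ATTACHMENT = "contract.rar"
IOC_PAYLOAD = "dude6.exe"
IOC_SIZE = 161200
IOC_MD5 = "0xBBBA4ED2760A781F9CFEB733EC1808C8"[2:].lower()  # drop "0x" prefix

# Constructed sample messages (not real captures).
SUSPECT = (
    "Subject: CONTRACT.\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "SGWORLD DVPN LIMITED\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="CONTRACT.rar"\n'
    "\n"
    "placeholder bytes, not a real archive\n"
    "--b1--\n"
)
BENIGN = "From: a@example.com\nSubject: Lunch\n\nSee you at noon.\n"


def payload_matches(name, data):
    """Grade a file already extracted from the archive against the indicators."""
    if len(data) == IOC_SIZE and hashlib.md5(data).hexdigest() == IOC_MD5:
        return "exact"      # size and MD5 both match the alert
    if name.lower() == IOC_PAYLOAD:
        return "name-only"  # same name, different bytes: possible repacked variant
    return None


def scan_message(raw):
    """Return the reasons a raw e-mail message resembles this outbreak."""
    msg = message_from_string(raw)
    reasons = []
    if (msg.get("Subject") or "").strip().rstrip(".").upper() == "CONTRACT":
        reasons.append("subject")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower() == IOC_ATTACHMENT:
            reasons.append("attachment-name")
    return reasons
```

A "name-only" or subject-only hit is a weak signal on its own; an "exact" result means the file's size and MD5 both equal the values published in the alert.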