Description
Cisco Security Intelligence Operations has detected significant activity related to Turkish-language spam e-mail messages that claim to contain status updates for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment to view the new shared files. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5084) may contain the following files:
Facebook-Güncelleştirmek.zip
Facebook-Güncellestirmek.pdf.exe
The Facebook-Güncellestirmek.pdf.exe file in the Facebook-GüncelleÅŸtirmek.zip attachment has a file size of 42,496 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xFC31A08E1E7C4A8B6EC2DDCC17CF8EAA
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Facebook Guncellestirmek
Message Body:
Facebook'ta kaçrmis olabileceginiz hareketlerden bazilarin burada bulabilirsiniz. Ekli dosyaya bak
2 diger arkadas Facebook'ta durum guncellemeleri, fotograflar ve daha baska gonderiler paylasti ekli dosyaya bak
Facebook'a Git
Tum Bildirimleri Go
Source: Cisco