Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to be a notification of a MasterCard cash reward from PayPal for the recipient. The text in the e-mail message attempts to convince the recipient to download and open the attached file to apply for the reward. However, the attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5094) may contain the following files:
paymentfile.exe
The paymentfile.exe file has a file size of 242,176 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xAB0C0D27D28176CF7BD059CD4E8760B8
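The following is an added example, not part of the Cisco alert: a mail-triage check that walks a message's attachments and matches them against the file name, size and MD5 given above. The function names `triage` and `build_sample`, the verdict labels, the addresses and the filler attachment are assumptions constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators from the alert text (MD5 normalised: "0x" prefix dropped, lower-cased).
IOC_NAME = "paymentfile.exe"
IOC_SIZE = 242_176
IOC_MD5 = "ab0c0d27d28176cf7bd059cd4e8760b8"

def triage(raw: bytes) -> list:
    """Return one finding per attachment that matches at least one indicator."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        reasons = []
        # MD5 serves only as the alert's sample identifier, not as a security control.
        if hashlib.md5(data, usedforsecurity=False).hexdigest() == IOC_MD5:
            reasons.append("md5")
        if name == IOC_NAME:
            reasons.append("filename")
        if len(data) == IOC_SIZE:
            reasons.append("size")
        if data[:2] == b"MZ":  # DOS/PE executable magic
            reasons.append("pe-header")
        if reasons:
            # Name and size are trivially changed by a sender; only the hash confirms.
            verdict = "known-sample" if "md5" in reasons else "suspicious"
            findings.append({"name": name, "size": len(data),
                             "reasons": reasons, "verdict": verdict})
    return findings

def build_sample() -> bytes:
    """Constructed message with harmless filler bytes, not the real sample."""
    m = EmailMessage()
    m["Subject"] = "You are Lucky Beneficiary of PayPal Reward"
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m.set_content("Constructed body text.")
    filler = b"MZ" + b"\x00" * (IOC_SIZE - 2)
    for payload, fname in ((filler, "PaymentFile.EXE"), (b"hello", "notes.bin")):
        m.add_attachment(payload, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

The constructed attachment matches on name, size and executable header but not on the hash, so it is reported as suspicious rather than as the known sample.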
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: You are Lucky Beneficiary of PayPal Reward
Message Body:
PayPal Reward Center
Dear PayPal Account User ;
As part of our millennium developmental goals reward for fiscal year 2013,
PayPal has chosen you
to be one of the lucky beneficiaries of 2013 PayPal Extras MasterCard Cash
Reward.
Please download the attached file to apply your PayPal Extras MasterCard
Cash Reward on your PayPal Account.
If you don't have a PayPal account download this on your computers and we
you shall receive instructions on how to cash out this reward.
Yours sincerely,
PayPal Reward Team
Source: Cisco