Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a confidential message for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment to view or print the document. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5093) may contain the following files:
To ALL Employees.zip
To ALL Employees.exe
The To ALL Employees.exe file in the To ALL Employees.zip attachment has a file size of 113,152 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xAFEAEBDC30B5296684AF30298C916E46
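As an added example (not part of the Cisco advisory), the following Python sketch shows how a mail gateway or triage script could inspect a .zip attachment for the pattern described above: an executable member, identified by extension or by its MZ header, checked against the size and MD5 given in this advisory. The extension list, the read cap, and the helper names are assumptions made for the example.

```python
import hashlib
import io
import zipfile

# Indicators copied from the advisory text.
ADVISORY_MD5 = "afeaebdc30b5296684af30298c916e46"
ADVISORY_SIZE = 113152
# Assumptions for this example: extension list and per-member read cap.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")
MAX_MEMBER_BYTES = 20 * 1024 * 1024

def scan_zip_attachment(data):
    """Return a list of findings for suspicious members of a .zip attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reasons": ["unreadable archive"], "ioc_match": False}]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons, content = [], b""
            if info.filename.lower().endswith(EXECUTABLE_EXTS):
                reasons.append("executable extension")
            if info.flag_bits & 0x1:
                reasons.append("encrypted member, not hashed")
            elif info.file_size > MAX_MEMBER_BYTES:
                reasons.append("oversized member, not read")
            else:
                content = archive.read(info)
            # A renamed executable still starts with the DOS/PE "MZ" magic.
            if content[:2] == b"MZ":
                reasons.append("PE header (MZ)")
            ioc = (len(content) == ADVISORY_SIZE
                   and hashlib.md5(content).hexdigest() == ADVISORY_MD5)
            if ioc:
                reasons.append("matches advisory MD5 and size")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons, "ioc_match": ioc})
    return findings

def build_sample_zip(name, payload):
    """Constructed test input: a one-member zip held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()
```

The extension and header checks flag repacked variants whose hash differs from the one listed here, while `ioc_match` is true only for the exact file this advisory describes.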
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: To all Employees - Confidential Message
Message Body:
DocuSign Logo
Your document has been completed
Sent on behalf of administrator@miffcrffodf.com.
All parties have completed the envelope 'Please DocuSign this document: To All Employees 2013.pdf'.
To view or print the document download the attachment .
(self-extracting archive, Adobe PDF)
This document contains information confidential and proprietary to miffcrffodf.com
LEARN MORE: New Features | Tips & Tricks | Video Tutorials
Source: Cisco