Description
Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain a voice comment related to a photo on Facebook for the recipient. The text in the e-mail message attempts to convince the recipient to click the link to listen to the comment. However, the link contains a malicious .cpl file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5128) may contain the following file:
AtualizacaoCartapPetrobras2.cpl
The AtualizacaoCartapPetrobras2.cpl file has a file size of 322,048 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xE5A8DB3AE9F09995D3C62A6B3C15FAFB
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Você recebeu um comentario de voz em sua Foto
Source: Cisco