Description
Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain a bank deposit notification for the recipient. The text in the e-mail message attempts to persuade the recipient to open the link to review the attached .pdf file. However, the .pdf attachment contains a malicious .cpl file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5141) may contain the following files:
ComprovanteDeposito.cpl
Comprovante.pdf
The ComprovanteDeposito.cpl file in the Comprovante.pdf attachment has a file size of 104,960 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x15A0A6216D902577DF8AB9046671837A
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Comprovante de Deposito. - BD53164D0F
Message Body:
1 attachment (102 KB)
Comprovante.pdf (102 KB)
Good morning
Attached is the receipt for the deposit into your checking account in the amount of R$ 1.355.99
We ask that you check your details and verify that all the information is correct so that,
in case of any discrepancy, the problem can be corrected.
If you cannot view the receipt, click here.
Sincerely
Jairo Carvalho
Phone: 3941-5574
financeiro@susep.com.br
This e-mail is automatic, please do not reply.
Source: Cisco
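The indicators listed in this alert (subject line, attachment names, and the size and MD5 of the .cpl file) can be checked against stored mail. The following is an added example, not Cisco's code: it inspects top-level attachments only and does not unpack the .pdf, since the alert does not describe how the .cpl is embedded. The function names, the subject pattern and the sample message are assumptions constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the alert text.
IOC_MD5 = "15a0a6216d902577df8ab9046671837a"
IOC_SIZE = 104960  # bytes, ComprovanteDeposito.cpl
IOC_NAMES = {"comprovantedeposito.cpl", "comprovante.pdf"}
# Assumption: the hex token after the fixed phrase varies per message;
# the alert shows only one sample subject.
SUBJECT_RE = re.compile(r"comprovante de dep[oó]sito\W+[0-9a-f]{6,}\b", re.I)


def triage(raw: bytes) -> list:
    """Return the indicator hits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name in IOC_NAMES:
            hits.append("filename:" + name)
        if name.endswith(".cpl"):
            hits.append("cpl-attachment")
        # Compare size first so only same-sized parts are hashed.
        if len(data) == IOC_SIZE and hashlib.md5(data).hexdigest() == IOC_MD5:
            hits.append("md5")
    return hits


def build_sample(filename: str = "Comprovante.pdf") -> bytes:
    """Constructed test message; the attachment bytes are harmless filler."""
    msg = EmailMessage()
    msg["Subject"] = "Comprovante de Deposito. - BD53164D0F"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("constructed body")
    msg.add_attachment(b"constructed filler, not a real file",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

A file name or subject hit alone is a weak signal because both are trivially changed by the sender; the size plus MD5 match is the only check here that identifies the exact file described in the alert.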