Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a wire transfer notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5130KVR) may contain any of the following files:
Wire Transfer.zip
tren.scr
The tren.scr file in the Wire Transfer.zip attachment has a file size of 508,251 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x6BB8658F892EBF9DF88BB5C61CDC8E6C
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Initiating out going wire transfer
Message Body:
Attention Customer,
The amount of $14,670 is about to be transferred from your account as per your instruction. Donwload/view the attachment for final confirmation and respond as quickly as possible.
Bank Transfer Department
Source: Cisco