Description
Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain a payment notification for the recipient. The text in the message attempts to convince the recipient to follow a link and view payment details. However, the link directs users to a malicious .cpl file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5136) may contain any of the following files:
Cobranca_9JF472S.cpl
The Cobranca_9JF472S.cpl has a file size of 476,160 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x4774804756BCF25AD88DE5F9C0234557
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Aviso: Vencimento da fatura
Message Body:
Fatura N° 254446
Anexo: fatura25446.doc (103kb)
Cliente, Não consta em nossos registro o pagamento da fatura com vencimento em 21/01/2013. Caso já tenha efetuado o pagamento, favor desconsiderar esta correspondência.
Caso reste alguma dúvida, fale conosco.
OLP.
Source: Cisco