Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain information about phishing websites for the recipient.The text in the e-mail message attempts to convince the recipient to follow a link and view the details. However, the link directs the user to a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5156) may contain any of the following files:
image06.scr
The image06.scr has a file size of 221,184 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x7050A679B08116DFB650D7615C387C16
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Report Phishing sites
Message Body:
Dear Sir/Madam,
We will like to bring to your attention of the phishing site(s).
We are working hard to make the Internet a safe environment for users and appreciate your addressing this matter. We've had good success working with service providers because these phishing sites are violating their terms of service.
We look forward to a positive response that the site has been taken down. Please feel free to contact us if you have questions or require further clarifications.
Best regards,
Kaen Chan
Source: Cisco