Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a wire transfer notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment to the review payment slip for the pending wire transaction. However, the .rar attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5116KVR) may contain the following files:
payment_slip.rar
payment slip.scr
The payment slip.scr file in the payment_slip.rar attachment has a file size of 463,360 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x473B6E8EE9BAACD4F02A2BF1AB51C164
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Please treat with urgency.
Message Body:
Attn:Sir/ Madam,
We have been advised by our customer to wire $36,430 of the agreed pending transaction.for the order on your product we made lats year.Kindly check the payment slip before we authorize our Bank to release into your bank Account if you have received the money in your account already please give us your response back.
Thanks & Regards,
Sarni Rana
Client Relationship Partner
Source: Cisco