Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a fax message for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the message. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5182) may contain the following files:
FAX_93-238738192_82.zip
FAX_93-238738192_82.exe
The FAX_93-238738192_82.exe file in the FAX_93-238738192_82.zip attachment has a file size of 113,664 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xBE19A0A568B10E1FD2E84C72852E87F8
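The indicators above (an executable inside a .zip attachment, the 113,664-byte size, and the MD5 value) can be checked at a mail gateway or during triage. The following is an added example, not Cisco code: the function names, the generalised file-name pattern, the extension list and the size cap are assumptions, and the sample archive is constructed from inert bytes.

```python
import hashlib
import io
import re
import zipfile

# Indicators as published in this alert (RuleID5182).
ALERT_MD5 = "0xBE19A0A568B10E1FD2E84C72852E87F8"
ALERT_SIZE = 113_664
# Assumption: name shape generalised from the single sample name in the alert.
NAME_RE = re.compile(r"^FAX_[\d_-]+\.(zip|exe)$", re.IGNORECASE)
EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumption: extensions to flag
MAX_MEMBER = 50 * 1024 * 1024  # assumption: do not inflate members above 50 MiB


def normalise_md5(value):
    """Lower-case a hex digest and drop the 0x prefix used in the alert."""
    value = value.strip().lower()
    return value[2:] if value.startswith("0x") else value


def inspect_zip(data, md5=ALERT_MD5, size=ALERT_SIZE):
    """Return one finding per archive member that is executable or hash-matched."""
    findings = []
    want = normalise_md5(md5)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            digest = None
            if info.file_size <= MAX_MEMBER:  # skip hashing oversized members
                digest = hashlib.md5(zf.read(info)).hexdigest()
            hit = {
                "name": name,
                "executable": name.lower().endswith(EXEC_EXT),
                "name_pattern": bool(NAME_RE.match(name)),
                "size_match": info.file_size == size,
                "md5_match": digest == want,
            }
            if hit["executable"] or hit["md5_match"]:
                findings.append(hit)
    return findings


def build_sample(member_name, payload):
    """Constructed test input: an in-memory zip holding inert bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()
```

An executable member is reported even when the hash and size do not match, because repacked variants of the same campaign would carry a different MD5.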
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: jConnect fax from "893-686-6458" - 12 page(s), Caller-ID: 893-686-6458
Message Body:
Fax Message [Caller-ID: 893-686-6458]
You have received a 12 page(s) fax at 2012-12-17 01:21:42 CST.
* The reference number for this fax is lax3_did15-1916969190-9444029548-11.
This message can be opened using your PDF reader. If you have not already installed j2 Messenger, download it for free: http://www.j2.com/downloads
Please visit http://www.j2.com/help if you have any questions regarding this message or your j2 service.
Thank you for using jConnect!
Home Contact Login
Powered by j2
2011 j2 Global Communications, Inc. All rights reserved.
jConnect is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the jConnect Customer Agreement.
Source: Cisco