Description
Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claims to contain information about money deposited to the user's bank account.The text in the e-mail message attempts to convince the recipient to follow a link and view the details. However, the link directs the user to a malicious .cpl file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5196) may contain any of the following file:
Loja.cpl
The Loja.cpl has a file size of 200,704 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x0B5B4655838B917EE8701C71AC1CDDC5
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Comprovante de Deposito - Seu dinheiro jAi foi depositado!
Message Body:
microfilmagem cheque Depositado :
Visualizar debito.pdf][2] (158,5 KB)
Desculpe a demora mais foi depositado.
Valor de 4.895,20 Incluindo os juros. Ate mais e um bom final de semana.
em nome de: Claudia Gomes Pereira
E-mail verificado pelo Windows Live Anti-Spam
Source: Cisco