Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a product purchase order request notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .rar attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5208) may contain the following files:
Product and Order List.rar
Product and Order List.exe
The Product and Order List.exe file in the Product and Order List.rar attachment has a file size of 569,647 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xA888A86AADC4D2163046DC5806661FED
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: We Wish To Make An Immediate Purchase Of These Your Products
Message Body:
Hello,
We are SupermegaTrade Ltd®, Canadian based acquisition and logistics company under Reliable Movers Ottawa®, Canada. We are interested in some of your products and would want to make an immediate purchase. Please view the attached selected samples and respond back with best CIF/FOB quotation/proforma invoice to Port of Vancouver, Canada.
Best Regards,
Mrs Jo Nita
Supermegatradeltd.com®
reliablemoversottawa.com®
Email: sale@supermegatradeltd.com
: supermegatradeltd@mynet.com
: sales@reliablemoversottawa..com
TEL: 309-544-5748
Source: Cisco