Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain tax documents for the recipient. The text in the e-mail message instructs the recipient to open the attachment to view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5210) may contain the following files:
bob.zip
Individual Income Tax Returns.exe
The Individual Income Tax Returns.exe file in the bob.zip attachment has a file size of 126,464 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xAE822E0645C7B73DB3AF0F5DECCFE63A
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: FW: 2010 and 2011 Tax Documents; Accountant's Letter
Message Body:
I forward this file to you for review. Please open and view it.
Attached are Individual Income Tax Returns and W-2s for 2010 and 2011, plus an accountant's letter.
This email message may include single or multiple file attachments of varying types.
It has been MIME encoded for Internet e-mail transmission.
Source: Cisco