Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain product sample request for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5264) may contain any of the following files:
productsample5.zip
p5.exe
The p5.exe file in the productsample5.zip attachment has a file size of 276,518 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x9B8843F7D083305E5E3E3E779489B39A
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: WE NEED YOUR PRODUCT
Message Body:
SIR/MADAM,
We have sent you mail about order inquiry but unfortunately we did not hear
anything from your side till today. We are contacting you again just to know
whether you received our inquiry or not and If you have received our inquiry
then what will be the future course of action.
pease download our samples as i attach the ones i selected form your website
Looking forward to hear from you soon.
Thanks and Best Regards
MR. Jonas Garcia
CHEVERON TRADING INTERNATIONAL
Source: Cisco