
Threat Outbreak Alert: Fake Invoice Payment Notification E-mail Messages


Description

Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an invoice payment notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the payment details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.

E-mail messages that are related to this threat (RuleID5252) may contain any of the following files:
telex.zip
telex.exe

The telex.exe file in the telex.zip attachment has a file size of 1,037,984 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x0F022E72659A36A6C58DCC6B53DC4ED8
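
One way to check stored mail for the indicators listed above (attachment name, archive member name, member size and MD5), as an added example that is not part of the Cisco alert. The function names `scan_message` and `build_sample` are hypothetical, and the test message is constructed with a harmless placeholder in place of the real executable.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators published in the alert above.
IOC_NAMES = {"telex.zip", "telex.exe"}
IOC_SIZE = 1_037_984
IOC_MD5 = "0f022e72659a36a6c58dcc6b53dc4ed8"


def scan_message(raw: bytes) -> list[str]:
    """Return the indicator hits found in one raw RFC 5322 message."""
    hits = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name in IOC_NAMES:
            hits.append(f"attachment-name:{name}")
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = info.filename.rsplit("/", 1)[-1].lower()
                if member in IOC_NAMES:
                    hits.append(f"member-name:{member}")
                # Hash only unencrypted members whose declared size matches;
                # the bounded read keeps a lying header from inflating memory.
                if info.file_size == IOC_SIZE and not info.flag_bits & 0x1:
                    with zf.open(info) as fh:
                        body = fh.read(IOC_SIZE + 1)
                    digest = hashlib.md5(body, usedforsecurity=False).hexdigest()
                    if digest == IOC_MD5:
                        hits.append(f"member-md5:{member}")
    return hits


def build_sample() -> bytes:
    """Constructed message: a harmless zip with a text member named telex.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("telex.exe", b"constructed placeholder, not the real sample")
    msg = EmailMessage()
    msg["Subject"] = "constructed test message"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="telex.zip")
    return msg.as_bytes()
```

A name match alone is a weak signal because attackers rename files freely; the MD5 match is the only hit that identifies this exact executable.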

The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: RE: RE: RE: REGARDING SWIFT

Message Body:

My Dear
This is sequel to our previous mail dated 2-07-2013.
I am mailing to let you know that we made payment of 41,850 U$Dollars through our bank today. Find as attachment the Payment Slip and invoice copy also reconfirm your Account Details in the slip and invoice in other for us to carry on with the next 70% payment steps.
Upon confirmation of the payment, Please proceed to process the order as discussed and send us a copy of the BL and packing list. Also let us know the expected tim
Thank you.
ALL THE BEST AND REGARDS,
Raffa,

Source: Cisco
