Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an account compromise notification message for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and follow the instructions provided. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5279) may contain the following files:
instruction.exe
instruction.zip
The instruction.exe file in the instruction.zip attachment has a file size of 28,864 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x1D62B1CA494D55ED686D60E7AF60EF95
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Reportphishing@antiphishing.org
Message Body:
Dear user of antiphishing.org
Your account was used to send a huge amount of unsolicited email messages during the last week.
We suspect that your computer was compromised and now contains a hidden proxy server
We recommend you to follow our instructions in order to keep your computer safe
Sincerely yours,
The antiphishing.org team.
Source: Cisco