Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a bank transfer confirmation notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the transfer details. However, the .zip attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5289) may contain any of the following files:
Payment slip.zip
Payment slip.scr
The Payment slip.scr file in the Payment slip.zip attachment has a file size of 270,848 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x036735288A277D928F68C409CE059F29
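The indicators above can be checked against a .zip attachment before it is delivered. The following Python sketch is an added example, not Cisco's detection logic: it reports every executable member by extension and compares its MD5 and size to the values in this advisory. The function names, the extension list beyond .scr, and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# Indicators taken from the advisory text above.
IOC_MD5 = "036735288a277d928f68c409ce059f29"
IOC_SIZE = 270848
# .scr is the extension the advisory names; the others are an assumption
# added so that renamed variants are still reported.
EXECUTABLE_EXTS = (".scr", ".exe", ".com", ".pif")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not inflate members larger than this


def scan_zip_attachment(data, ioc_md5=IOC_MD5, ioc_size=IOC_SIZE):
    """Return one finding per executable member of a .zip attachment."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip archive, nothing to report
    with archive:
        for info in archive.infolist():
            name = info.filename
            if info.is_dir() or not name.lower().endswith(EXECUTABLE_EXTS):
                continue
            finding = {"name": name, "size": info.file_size,
                       "md5": None, "ioc_match": False}
            # Encrypted or oversized members are reported by name only.
            encrypted = bool(info.flag_bits & 0x1)
            if not encrypted and info.file_size <= MAX_MEMBER_BYTES:
                digest = hashlib.md5(archive.read(info)).hexdigest()
                finding["md5"] = digest
                finding["ioc_match"] = (digest == ioc_md5.lower()
                                        and info.file_size == ioc_size)
            findings.append(finding)
    return findings


def build_sample_zip(member_name, payload):
    """Build a constructed, harmless archive in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip("Payment slip.scr", b"constructed harmless bytes")
    for finding in scan_zip_attachment(sample):
        print(finding)
```

A finding with `ioc_match` set to False still deserves attention: a .scr file inside an e-mailed archive is suspicious on its own, and a repacked sample will carry a different hash.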
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Fwd: To: tomspeaks Seasoned Marketing Executive (Denver)
Message Body:
Please find enclosed our bank transfer confirmation slip.
Please proceed with production and kindly send us delivery time.
Thank you in advance.
Best regards
Vrinda Jhunjhunwala
Source: Cisco