Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain information about the change in ordered products for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .exe attachment when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5277) may contain any of the following file:
ORDER_196846_info_2013.exe
The ORDER_196846_info_2013.exe has a file size of 580,096 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x1828EA2BFAC13F3A19694CD413EACF97
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: your order ID 196846
Message Body:
Please download and read detail order changes we've made.
The updated agreement will take effect on February 11, 2013.
Shiped February 12th , order detail information please download file
Feel free to contact us with your questions or comments.
Please see attaches the list below to assist you in locating the correct
Source: Cisco