Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a bank transfer notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5273) may contain the following files:
scan000_pdf.zip
scan000_pdf.exe
The scan000_pdf.exe file in the scan000_pdf.zip attachment has a file size of 561,478 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x18EA806615A2105CE5A49903143D75F3
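The following added example (not Cisco's code) shows how a mail gateway or analyst could check a .zip attachment against the indicators above: an executable inside the archive, a document-like name on that executable, and the stated size and MD5. The extension and token lists, the function names and the in-memory sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# Indicators from the alert text (MD5 lowercased, "0x" prefix dropped).
IOC_MD5 = "18ea806615a2105ce5a49903143d75f3"
IOC_SIZE = 561478
# Assumption (not from the alert): executable extensions and document-like tokens.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")
DOC_TOKENS = ("pdf", "doc", "xls", "jpg")


def inspect_zip(data):
    """Return one finding dict per executable member of a .zip attachment."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reasons": ["unreadable archive"]}]
    with archive:
        for info in archive.infolist():
            name = info.filename.lower()
            if info.is_dir() or not name.endswith(EXEC_EXTS):
                continue
            reasons = ["executable inside archive"]
            # A stem such as "scan000_pdf" dresses the executable up as a document.
            stem = name.rsplit("/", 1)[-1].rsplit(".", 1)[0]
            if any(stem.endswith(sep + tok) for tok in DOC_TOKENS for sep in "._- "):
                reasons.append("document-like name on executable")
            # Hash only unencrypted members whose declared size matches the
            # indicator, so an oversized member is never decompressed.
            if info.file_size == IOC_SIZE and not info.flag_bits & 0x1:
                if hashlib.md5(archive.read(info)).hexdigest() == IOC_MD5:
                    reasons.append("MD5 matches alert indicator")
            findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample_zip(members):
    """Build a constructed, harmless archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, body in members.items():
            z.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    demo = build_sample_zip({"scan000_pdf.exe": b"constructed placeholder"})
    print(inspect_zip(demo))
```

The name and container checks still fire when the payload is repacked and its hash changes, which is why the MD5 comparison is treated as one signal among three rather than the only test.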
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Message Body:
Dear Beneficiary
This is to inform you that your long awaiting funds has been withdrawn from the incompetent envoy who was handling the transaction and we are processing and working on transferring your funds into your account. Please get back to us as soon as possible if there is any change in account information so that we shall take note of it before the transfer commences.
Check the attached document for more information.
Until we hear from you. Congratulation.
Mr. Tony Brown
Bank of America
Source: Cisco