Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain payment details for the recipient. The text in the e-mail message attempts to persuade the recipient to open the attachment and confirm the payment. However, the .rar attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5332) may contain the following files:
image.rar
image.scr
The image.scr file in the image.rar attachment has a file size of 2,191,412 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x8714DF916282F18022BB0654DA98454D
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Payment Slip
Message Body:
Please confirm the attached payment slip and get back to us!
Thanks
Source: Cisco