Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain product photos for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment to view the photos. However, the .rar attachment contains a malicious .scr file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5330) may contain the following files:
PRODUCT LIST.rar
image.scr
The image.scr file in the PRODUCT LIST.rar attachment has a file size of 1,654,836 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xF71D115FA5E5490EE796AEA9C7ED6F2D
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: PRODUCT INQUIRY/QUOTATION
Message Body:
Dear Sir/Ma,
Please find attached photos of materials
we wish to let you prepare a quotation for.
Thank you as we look forward to the
pleasure of doing business with you .
Yours Faithfully,
L. Armstrong (Mr.)
Source: Cisco