CiscoCISCO-THREAT-23517Threat Outbreak Alert: Fake Electronic Payment Cancellation Email Messages on April 8, 2014
Medium
Alert ID:
23517
First Published:
2011 June 29 14:00 GMT
Last Updated:
2014 April 10 13:53 GMT
Version:
80
Summary
- Cisco Security has detected significant activity related to spam email messages that claim to contain an electronic payment cancellation for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
Email messages that are related to this threat (RuleID2969, RuleID2969KVR, RuleID2970KVR, RuleID2970_1KVR, RuleID4441KVR, RuleID3800, and RuleID2970KVR_1) may contain any of the following files:
> transaction-report.pdf.exe
304694305894903.pdf.exe
canceled_report_43893842.pdf.exe
canceled_report_43893892.pdf.exe
report_3050439643.pdf.exe
000740295023US.pdf.exe
Corpinvoice_09.05_V716200.zip
INVOIC~1.EXE
report_1409.pdf.zip
report_1409.pdf.exe
report_1509.pdf.zip
report_1509.pdf.exe
report_1609.pdf.zip
report_1609.pdf.exe
report_092011-78.pdf.zip
report_092011-78.pdf.exe
report-d30261180.zip
report-d30261180.pdf.exe
report_3482736.doc.zip
report_3482736.doc.exe
report.94875793049.pdf.zip
report.94875793049.pdf.exe
report.zip
report_10112011.pdf.exe
report_9698588.pdf.exe
report 837749598.pdf.zip
report 837749598.pdf.exe
report 485770.pdf.zip
report 485770.pdf.exe
report_69975410005588.pdf.zip
report_69975410005588.pdf.exe
Case # 23111396.pdf.zip
Case # 23111396.pdf.exe
id463473483745.pdf.exe
25.11.pdf.zip
25.11.pdf.exe
FED_REFERENCE_67989HG78.auto.pdf.exe
Case # 54822368-11-25 Dandre Johnson.pdf.zip
Case # 54822368-11-25 Dandre Johnson.pdf.exe
contrato_aprovado.pdf.exe
rapport.pdf.exe
Recibo_NF.17240-0248_2012.pdf.exe
wu-paymentslip.pdf.exe
IMG9321.jpg.zip
IMG9231.jpg.exe
download.jpg.exe
Orcamento.PDF.exe
equitygroup.pdf.exe
20120711_005004.jpg.exe
report.pdf.exe
report.pdf.zip
IRSReport.pdf.exe
Swift Payment for the Purchase Balance of $60, 000 USD From Aileen Fountain.pdf.exe
ACH-Payment-Transaction-6E6DB6ED2FB.zip
ACH_Payment_Details_ID-434234234EC234234AF4353452345CC32423423FF423423445567EE009294782.pdf.exe
M17501819245.pdf.scr
invoiceB5VADUOG4G868MZRFH.JPG.exe
Payment_Authentication_Receipt_87596112329340.pdf.zip
Payment_Authentication_Receipt.pdf.exe
Australian PowerGas_ReceiptDetails2831135224.zip
Transaction Details.pdf.exe
Jackgreen-Energy-Transaction-Receipt.zip
Jackgreen-Energy-Transaction-Receipt.pdf.exe
EuropCar Invoice.zip
EuropCar Invoice.pdf.exe
ACH_Report-673D6535C46E.zip
ACH_Report-673D6535C46E.pdf.scr
invoiceJVQ9A8VIZ52LYZ3R66.JPG.exe
Geico - [email protected]
Geico - [email protected]
E-FATURA-9407544438.pdf.zip
E-FATURA-76497321988.pdf.exe
D_1964691LawndaleESD.xls.exe
report_pdf.exe
Tax.Refund.Confidential.Message.zip
Tax.Refund.Confidential.Message.html.exe
Tax.Refund.Confidential.Message.PDF.exe
AWB-Avis 768-38251502.pdf.zip
AWB-Avis 240-11980057.pdf.exe
ADP-TotalSource-Payroll-Invoice-01B10F09552A.zip
ADP TotalSource Payroll Invoice ID-EF2342AC2357-AA-43345435345345234234234356456.pdf.exe
ADP-TotalSource-Payroll-Invoice-3D8C226BEC.zip
ADP TotalSource Payroll Invoice #-85703433498405-3421487568567-74-0582134097475657-62243
8578247584732752374705143765348653456893473686525456.pdf.exe
AWB-Avis 432-85560399.pdf.zip
AWB-Avis 455-74906491.pdf.exe
Rejected_Transfer.zip
Wire_Transfr_Cancel_N9923902.doc.exe
fedach_rprt_03072013-0136.zip
fedach_rprt_0307131053.PDF.exe
Account-Statement-ll1054070.zip
Account-Statement-ll9305602.pdf.exe
AUSPOST Track Advice Notification.pdf.zip
AUSPOST Track Advice Notification.pdf.exe
8089-TGP-Account-Details.zip
TGP-Account-Details.doc.exe
Ravenswood_req1rev.xls.exe
9465-payslip.pdf.zip
2711-payslip.pdf.exe
Order Details - Western Union Online FX.zip
Order Details - Western Union.doc.exe
Die Einzelheiten Ihres Einkaufs.zip
Die Einzelheiten Ihres Einkaufs.pdf.exe
Auftragsbestaetigung_155756.zip
Auftragsbestaetigung_659022.pdf.exe
report0107446.PDF.exe
report0975346.PDF.exe
Ihre Reservierung 872769489.zip
Ihre Reservierung 987127600.pdf.exe
bankcopy.jpg.scr
report0108696.PDF.exe
report0108136.PDF.exe
Bill transactions 695936805.zip
Bill transactions 74658374639.pdf.exe
DOC_alan.zip
WellsFargo_0715201.PDF.exe
File-Report.zip
Scan_Report.xls.scr
auguri.jpg.exe
payment.pdf.zip
payment.pdf.exe
2013_Federal_Tax_Return.pdf.zip
2013_Federal_Tax_Return.pdf.exe
payment slip.pdf.zip
payment slip.pdf.scr
WU INFORMATION REF # 623-724-5013.jpeg.zip
_WU INFORMATION REF # 623-724-5013.jpeg.scr
__Payment.zip
Payment.txt.exe
JWS-Boleto-Assessoria-Juridica.PDF.zip
JWS-2via-boleto-Abril-2014-PDF.cpl
_
The transaction-report.pdf.exe file has a file size of 172,032 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x975245A86E8E4F4CE6B7A398B7FF9A18
The 304694305894903.pdf.exe file has a file size of 172,032 bytes. The MD5 checksum is the following string: 0xFBF3FA9FB72BCCD1B58177E2201AADE3
The canceled_report_43893842.pdf.exe file has a file size of 158,208 bytes. The MD5 checksum is the following string: 0x15299057B8A32DE1B96D6435C36ABA5B
The canceled_report_43893892.pdf.exe file has a file size of 158,208 bytes. The MD5 checksum is the following string: 0x1EAD1F7741CF8E47F018C71863A4A7FC
The report_3050439643.pdf.exe file has a file size of 150,016 bytes. The MD5 checksum is the following string: 0x8DA13FADEFC59483570BC541844052E2
The 000740295023US.pdf.exe file has a file size of 156,160 bytes. The MD5 checksum is the following string: 0xFAF7B138CCBDEB35ABC63132CAE9B298
The INVOIC~1.EXE file has a file size of 48,128 bytes. The MD5 checksum is the following string: 0x5DDE802DDFEF492148110A1DD233D50B
The report_1409.pdf.exe file in the report_1409.pdf.zip attachment has a file size of 85,504 bytes. The MD5 checksum is the following string: 0x97AFA870CE8F3E4ED2A067F56D3A1D18
The report_1509.pdf.exe file in the report_1509.pdf.zip attachment has a file size of 37,376 bytes. The MD5 checksum is the following string: 0xC47987554D4D5139F8F1F691DE1478AD
The report_1609.pdf.exe file in the report_1609.pdf.zip attachment a file size of 36,864 bytes. The MD5 checksum is the following string: 0x866C891BA9D737A4E3B8E96DB6989661
A variant of the report_1609.pdf.exe file in the report_1609.pdf.zip attachment has a file size of 37,376 bytes. The MD5 checksum is the following string: 0xC24BEDA407F9997E3391C9D2E7D3DE31
The report_092011-78.pdf.exe file in the report_092011-78.pdf.zip attachment has a file size of 37,376 bytes. The MD5 checksum is the following string: 0x64D5C423143BAE1F0C5919D2400D9C61
A variant of the report_092011-78.pdf.exe file in the report_092011-78.pdf.zip attachment has a file size of 38,912 bytes. The MD5 checksum is the following string: 0x5AD97A55462D586F9ED80D703B6635C6
The report-d30261180.pdf.exe file in the report-d30261180.zip attachment has a file size of 13,061 bytes. The MD5 checksum is the following string: 0xD603E71BD7F3C8B152E44D3B78AF40CE
The report_3482736.doc.exe file in the report_3482736.doc.zip attachment has a file size of 58,368 bytes. The MD5 checksum is the following string: 0xFB3ED60A84F0EEBF793795DB6BC5EC5C
The report.94875793049.pdf.exe file in the report.94875793049.pdf.zip attachment has a file size of 40,448 bytes. The MD5 checksum is the following string: 0xEC70D9734270CA47D7C9A1CF64682452
The report_10112011.pdf.exe file in the report.zip attachment has a file size of 55,296 bytes. The MD5 checksum is the following string: 0xC73917A997AB8E79CCB31095B22D6CA9
The report_9698588.pdf.exe file has a file size of 198,144 bytes. The MD5 checksum is the following string: 0x4F9686CB3767B8A9AE69DA06832DFF6D
The report 837749598.pdf.exe file in the report 837749598.pdf.zip attachment has a file size of 33,792 bytes. The MD5 checksum is the following string: 0x7046F3AA234EC183F12C4E592C34DBB0
The report 485770.pdf.exe file in the report 485770.pdf.zip attachment has a file size of 33,280 bytes. The MD5 checksum is the following string: 0xCDA31C084A71D582816E1C577F88AB21
The report_69975410005588.pdf.exe file in the report_69975410005588.pdf.zip attachment has a file size of 182,272 bytes. The MD5 checksum is the following string: 0xD61E9115C9E7B9BEF51279BAB59D80E8
The Case # 23111396.pdf.exe file in the Case # 23111396.pdf.zip attachment has a file size of 175,616 bytes. The MD5 checksum is the following string: 0x0B7A07B56C031844EE5A8BCD43515789
The id463473483745.pdf.exe file has a file size of 197,632 bytes. The MD5 checksum is the following string: 0xE489F1745C6727675907BE3F4355DCEE
The 25.11.pdf.exe file in the 25.11.pdf.zip attachment has a file size of 96,768 bytes. The MD5 checksum is the following string: 0xB442A3DDF687FF3FC7707683BA8B1E95
The FED_REFERENCE_67989HG78.auto.pdf.exe file has a file size of 92,160 bytes. The MD5 checksum is the following string: 0xF7C4BBE6F0EE13E5FD14AE69F33172D1
The Case # 54822368-11-25 Dandre Johnson.pdf.exe file in the Case # 54822368-11-25 Dandre Johnson.pdf.zip attachment has a file size of 197,120 bytes. The MD5 checksum is the following string: 0xD7CBE3D4DAF0784A7F2B375BC4452B79
A variant of the 25.11.pdf.exe file in the 25.11.pdf.zip attachment has a file size of 131,072 bytes. The MD5 checksum is the following string: 0x5F129FD20E51A3E437E51CB7CABB6856
The contrato_aprovado.pdf.exe file has a file size of 772,096 bytes. The MD5 checksum is the following string: 0xB8A9BCC2CA7B378BB9D018A26E3561CC
The rapport.pdf.exe file has a file size of 199,168 bytes. The MD5 checksum is the following string: 0x75D499D14405B3B24E0835F7F69F0A13
A variant of the rapport.pdf.exe file has a file size of 192,512 bytes. The MD5 checksum is the following string: 0x7BA5315E66700F685826AD3F540E00C3
The Recibo_NF.17240-0248_2012.pdf.exe file has a file size of 378,368 bytes. The MD5 checksum is the following string: 0xFED86237D25B2E549AE31A932755F6F7
The wu-paymentslip.pdf.exe file has a file size of 648,745 bytes. The MD5 checksum is the following string: 0x8D6F02E7315513F3724D7FB1CA708F15
The IMG9231.jpg.exe file in the IMG9321.jpg.zip attachment has a file size of 64,512 bytes. The MD5 checksum is the following string: 0x3281EFED263FD4EE5F7D0796CCEBCAE7
The download.jpg.exe file has a file size of 133,632 bytes. The MD5 checksum is the following string: 0x198112ACAA88729B0FDF73FD181352F1
The Orcamento.PDF.exe file has a file size of 618,496 bytes. The MD5 checksum is the following string: 0xD36C55BC4452FA005EAEDE1335D7E1C4
The equitygroup.pdf.exe file in the attachment has a file size of 192,512 bytes. The MD5 checksum is the following string: 0x662A62C52822E56238439E5F310B7D31
The _20120711_005004.jpg.exe _file has a file size of 81,920 bytes. The MD5 checksum is the following string: 0xFE79EC4B8B8B5F1DBAE3E4A5BEBFF2C5
A variant of the 20120711_005004.jpg.exe file has a file size of 81,920 bytes. The MD5 checksum is the following string: 0x7988E66F4EC56B98B264A3EEA453F639
The report.pdf.exe file has a file size of 199,681 bytes. The MD5 checksum is the following string: 0x7B9D577F5459090AA40159617EA0EF94
The IRSReport.pdf.exe file has a file size of 65,361 bytes. The MD5 checksum is the following string: 0x31FDC10461D6B9CA9880240401845845
The Swift Payment for the Purchase Balance of $60, 000 USD From Aileen Fountain.pdf.exe file has a file size of 836,096 bytes. The MD5 checksum is the following string: 0x73848930F556EC5F57E10C43EE8B0D9A
The ACH_Payment_Details_ID-434234234EC234234AF4353452345CC32423423FF423423445567EE009294782.pdf.exe file in the ACH-Payment-Transaction-6E6DB6ED2FB.zip attachment has a file size of 202,240 bytes. The MD5 checksum is the following string: 0x8ABBE404EE7B050A3BACB7313D9C7C74
The M17501819245.pdf.scr file has a file size of 555,240 bytes. The MD5 checksum is the following string: 0xC36B922A815BCF648BA5089D9D3AF00C
The invoiceB5VADUOG4G868MZRFH.JPG.exe file has a file size of 140,800 bytes. The MD5 checksum is the following string: 0x189D89811C3C64016978DADF9E11A553
A variant of the _report.pdf.exe _file has a file size of 196,097 bytes. The MD5 checksum is the following string: 0x1FBD61C0A5EBE53A99BCFD8646347A95
The Payment_Authentication_Receipt.pdf.exe file in the Payment_Authentication_Receipt_87596112329340.pdf.zip attachment has an approximate file size of 33,177 bytes. The MD5 checksum is not available.
The Transaction Details.pdf.exe file in the Australian PowerGas_ReceiptDetails2831135224.zip attachment has an approximate file size of 40,960 bytes. The MD5 checksum is not available.
The Jackgreen-Energy-Transaction-Receipt.pdf.exe file in the Jackgreen-Energy-Transaction-Receipt.zip attachment has a file size of 79,360 bytes. The MD5 checksum is the following string: 0x3ECD84642221E4F168D25D617070587E
The EuropCar Invoice.pdf.exe file in the EuropCar Invoice.zip attachment has a file size of 42,496 bytes. The MD5 checksum is the following string: 0xBAFEBF4CDF640520E6266EB05B55D7C5
The ACH_Report-673D6535C46E.pdf.scr file in the ACH_Report-673D6535C46E.zip attachment has a file size of 287,232 bytes. The MD5 checksum is the following string: 0x2F7C5A0523FBB42CC65BDFC77B98DCF7
The invoiceJVQ9A8VIZ52LYZ3R66.JPG.exe has a file size of 153,600 bytes. The MD5 checksum is the following string: 0xB612EEB950838BA361CC62BEA5A24F9C
The Geico - [email protected] file in the Geico - [email protected] attachment has a file size of 225,629 bytes. The MD5 checksum is the following string: 0xC0A31B16127A8E33B5FD45815EDA3932
The _E-FATURA-76497321988.pdf.exe _file in the E-FATURA-9407544438.pdf.zip attachment has a file size of 44,544 bytes. The MD5 checksum is the following string: 0xAFFB6C0F4D0B82661BCE8D1CF5AED764
The _D_1964691LawndaleESD.xls.exe _file has a file size of 165,420 bytes. The MD5 checksum is the following string: 0x92DD1FE49B387EDA6AE3AD56BF69143D
The report_pdf.exe file has a file size of 336,384 bytes. The MD5 checksum is the following string: 0xFFF8DF8949EED7E6C6D22B9768F4BEE9
A third variant of report.pdf.exe has a file size of 311,808 bytes. The MD5 checksum is the following string: 0xE99352FC1F58E2B583A7405217573FE1
A fourth variant of report.pdf.exe file size is unavailable. The MD5 checksum is also unavailable.
The Tax.Refund.Confidential.Message.html.exe file in the Tax.Refund.Confidential.Message.zip attachment has a file size of 42,343 bytes. The MD5 checksum is the following string: 0x94494659945B843E58F987F62160724B
The Tax.Refund.Confidential.Message.PDF.exe file in the Tax.Refund.Confidential.Message.zip attachment has a file size of 34,820 bytes. The MD5 checksum is the following string: 0xA3DF20E1A746D58C5482FD554851B714
The AWB-Avis 240-11980057.pdf.exe file in the _AWB-Avis 768-38251502.pdf.zip _attachment has a file size of 30,724 bytes. The MD5 checksum is the following string: 0xCE02B23B408B4D155F654B3141CA7392
The ADP TotalSource Payroll Invoice ID-EF2342AC2357-AA-43345435345345234234234356456.pdf.exe file in the ADP-TotalSource-Payroll-Invoice-01B10F09552A.zip attachment has a file size of 115,712 bytes. The MD5 checksum is the following string: 0x0A2C21B865E83500335C98FF6106811F
The ADP TotalSource Payroll Invoice #-85703433498405-3421487568567-74-0582134097475657-62243857824758473275237470514376534
8653456893473686525456.pdf.exe file in the ADP-TotalSource-Payroll-Invoice-3D8C226BEC.zip attachment has a file size of 167,936 bytes. The MD5 checksum is the following string: 0x7EF60CCDB03538D0C737ADA55C87E19D
The AWB-Avis 455-74906491.pdf.exe file in the AWB-Avis 432-85560399.pdf.zip attachment has an approximate file size of 46,596 bytes. The MD5 checksum is the following string: 0x2820E5E5DAE4C1CB1723462D45BF8867
The Wire_Transfr_Cancel_N9923902.doc.exe file in the Rejected_Transfer.zip attachment has a file size of 102,400 bytes. The MD5 checksum is the following string: 0x5BDD0D5180EFC938750D957CE91EDE62
The fedach_rprt_0307131053.PDF.exe file in the fedach_rprt_03072013-0136.zip attachment has a file size of 343,552 bytes. The MD5 checksum is the following string: 0xE6BA6C6909995C8F3522E3232FFB9FB0
The Account-Statement-ll9305602.pdf.exe file in the Account-Statement-ll1054070.zip attachment has a file size of 30,724 bytes. The MD5 checksum is the following string: 0xB6906BA33EB2FEFDC01C4B40917CF746
The AUSPOST Track Advice Notification.pdf.exe file in the AUSPOST Track Advice Notification.pdf.zip attachment has a file size of 46,457 bytes. The MD5 checksum is the following string: 0x617C6359BB1D0937086A10A8BFC38E37
The TGP-Account-Details.doc.exe file in the 8089-TGP-Account-Details.zip attachment has file size and MD5 checksum unavailable.
The Ravenswood_req1rev.xls.exe attachment has a file size of 571,436 bytes. The MD5 checksum is the following string: 0xD8ADF45AD17D90C839C8E4D9CC326740
The 2711-payslip.pdf.exe file in the _9465-payslip.pdf.zip _attachment has no file size and MD5 available.
The Order Details - Western Union.doc.exe file in the Order Details - Western Union Online FX.zip attachment has a file size of 45,060 bytes. The MD5 checksum is the following string: 0x28413055977F31B1A0FC7E99DF71BED7
The Die Einzelheiten Ihres Einkaufs.pdf.exe file in the Die Einzelheiten Ihres Einkaufs.zip attachment has an approximate file size of 34,918 bytes. The MD5 checksum is not available.
The Auftragsbestaetigung_659022.pdf.exe file in the Auftragsbestaetigung_155756.zip attachment has a file size of 95,232 bytes. The MD5 checksum is the following string: 0xCD84490434F11448FDCA1EBFFA083E14
The report0107446.PDF.exe file has a file size of 125,952 bytes. The MD5 checksum is the following string: 0xE4463B69D27B0B91F5B1C13F141EFF02
The report0975346.PDF.exe attachment has a file size of 127,488 bytes. The MD5 checksum is the following string: 0xEA44177B806F154F32E0CE5D575C06BA
The Ihre Reservierung 987127600.pdf.exe file in the Ihre Reservierung 872769489.zip attachment has a file size of 44,312 bytes. The MD5 checksum is the following string: 0x5F7649B9DF358814B19E09EDD5F56D87
The bankcopy.jpg.scr file has a file size of 1,718,578 bytes. The MD5 checksum is the following string: 0xCBDE4297FD65DA09A0894A8003E079A3
The report0108696.PDF.exe file has a file size of 113,664 bytes. The MD5 checksum is the following string: 0x77306665A6D33AEA465DD9D54F6755BC
The _report0108136.PDF.exe _attachment has a file size of 143,360 bytes. The MD5 checksum is the following string: 0x755BC9B33488B11E627CA270476B3AF6
The Bill transactions 74658374639.pdf.exe file in the Bill transactions 695936805.zip attachment has a file size of 23,552 bytes. The MD5 checksum is the following string: 0xACA4439DF5CEB9F7AE3E5DB79C0C447B
The WellsFargo_0715201.PDF.exe file in the DOC_alan.zip attachment has a file size of 116,736 bytes. The MD5 checksum is the following string: 0xE9B12C2C4958484A142BC5373221A8AE
The Scan_Report.xls.scr file in the File-Report.zip attachment has a file size of 247,560 bytes. The MD5 checksum is the following string: 0xCB5835830764E64029080A2C7B4C5B30
The auguri.jpg.exe file has a file size of 348,160 bytes. The MD5 checksum is the following string: 0xDCA77F0A80858853CA801B971304BC15
The payment.pdf.exe file in the payment.pdf.zip attachment has a file size of 1,131,044 bytes. The MD5 checksum is the following string: 0xB51E4CB2547AD5CD596FF3C347112681
A fifth variant of the report.pdf.exe file in the_ report.pdf.zip _attachment has a file size of 177,152 bytes. The MD5 checksum is the following string: 0x452C1BEBA320DA19DE1106D721AC09BD
A sixth variant of the report.pdf.exe file in the report.pdf.zip attachment has a file size of 170,496 bytes. The MD5 checksum is the following string: 0x9F63944CE6CD0BF53FEF15C2587BC583
The 2013_Federal_Tax_Return.pdf.exe file in the 2013_Federal_Tax_Return.pdf.zip attachment has a file size of 262,656 bytes. The MD5 checksum is the following string: 0x2F51354042ABAA6474AB6196285D4416
The payment slip.pdf.scr file in the payment slip.pdf.zip attachment has a file size of 1,229,086 bytes. The MD5 checksum is the following string: 0x6B5B04C9811B48668BA939DAEF705138
The WU INFORMATION REF # 623-724-5013.jpeg.scr file in the WU INFORMATION REF # 623-724-5013.jpeg.zip attachment has a file size of 1,056,768 bytes. The MD5 checksum is the following string: 0x2B00A0536EC190FD6F22F894AFB4BA61
The Payment.txt.exe file in the Payment.zip attachment has a file size of 348,160 bytes. The MD5 checksum is the following string: 0xAF02AC846B74023039695562DA3769DC
The JWS-2via-boleto-Abril-2014-PDF.cpl in the _JWS-Boleto-Assessoria-Juridica.PDF.zip _file has a file size of 599,040 bytes.The MD5 checksum is the following string: 0x259E520E493F799AB4DE6270D262FB13
The following text is a sample of the e-mail message that is associated with this threat outbreak:
> Subject: Canceled transaction
Message Body:
NANCHA
The Electronic Payments Association
Canceled Transfer
Transfer id: 564790786736534767
Reason for rejection View details in the report below
Transfer report report 564790786736534767.pdf
13450 Sunrise Vallay Drive, Suite 100 Herndon VA20171(703) 561-1100
2011 NACHA-The Eleactronic Payment Association
Or
> Message Body:
**Order Number: M1V5617911
Receipt Date: 05/28/12
Order Total: $699.99
Billed To: Credit card
Item Number Description Unit Price
1
Postcard (View\Download )
Cancel order Not your order? Report a Problem
$699.99
Subtotal: $699.99
Tax: $0.00
Order Total: $699.99
Please retain for your records.
Please See Below For Terms And Conditions Pertaining To This Order. Apple Inc.
You can find the iTunes Store Terms of Sale and Sales Policies by launching your iTunes application and clicking on Terms of Sale or Sales Policies
FBI ANTI-PIRACY WARNING
UNAUTHORIZED COPYING IS PUNISHABLE UNDER FEDERAL LAW.
Answers to frequently asked questions regarding the iTunes Store can be found at hxxp://
Apple ID Summary EE Detailed invoice
Apple respects your privacy.
Copyright 2011 Apple Inc. All rights reserved**
Or
> Subject: Important Business Banking Alert
Message Body:
**Chase
At Chase, weâre committed to providing the tools you need to help you monitor your account(s). Below is a list of the latest transactions for the accounts in your profile:
*Weâve started to process a(n) ($ USD) 7,996.00 ACH Payment (transaction #3097559175) from account to Avnet on Tue, 30 Oct 2012 21:27:33 +0530.
If you have questions about the transaction(s) or this alert, please open attached PDF file and find number of Your case and full data.
Please do not reply to this Automatic Alert. Instead, You can find all necessary contacts in attached file.
We appreciate your business.
Sincerely,
Online Business Banking Team **
Or
> Subject: Dcompte des sommes restant dues!!!
Message Body:
**Nantes le 18 novembre 2012
Monsieur,Madame
Je vous prie de trouver en lien ci-dessous fichier pdf votre décompte des sommes restant dues à la DGI dans le dossier cité en références.
Dossier DGI Impots Recouvrement N° 175018192456
Je compte que çe dossier soit réglé en totalité fin novembre 2012 dernier délai!
Vous en souhaitant bonne réception,
SincĂšres salutations.
PO/ Dossier DGI Impots Recouvrement Nš° 175018192456
Alexandre Marais
Huissier de Justice
3 Rue des Bosquets
Tel:. 0 892 163 544 [email protected] BP667
44100 - NANTES Cedex **
Or
> Subject: Fwd: UK Payments transaction failed
Message Body:
Transfer id: 415914
Reason for rejection: View details in the report below
Transfer report: http://www.ukpayments.org.uk/Wi6U0RO/report_pdf.php
2 Thomas More Square, London, E1W 1YN, Tel: 020 3217 8200 Fax: 020 7488 6959
2012 UK Payments Administration Ltd
Or
> Subject: Transaction Receipt
Message Body:
**3D""
Jackgreen Energy
Sydney, NSW, Australia
www.jackgreen.com.au
1300 46 5225
Client Reference/Invoice Number: 0673386867=
Please refer to attaceh= d file for full Transaction Receipt Details
Please keep these details on record for reconciliation purpose= s**
Or
> Subject: Your Amazon purchase receipt.
Message Body:
Transaction ID: 4589953
Hello,
You sent a payment of $5526 USD to Thaddeus Voliva
Thanks for using PayPal. To see all the transaction details, Download report (Self extracting archive).
Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click Help in the top right corner of any PayPal page.
Or
> Subject: Telephone problems
Message Body:
WarningID: #9111562
Your telephone will be turned off in two days.
You can watch description in pdf file (Self extracting archive).
Or
> Subject: Tax Refund New Message Alert!
Message Body:
**TAX RETURN FOR THE YEAR 2013
RECALCULATION OF YOUR TAX REFUND
HMRC 2010-2011
Dear Applicant,
The contents of this email and any attachments are confidential
and as
applicable, copyright in these is reserved to HM Revenue &
Customs.
Unless expressly authorised by us, any further dissemination or
distribution of this email or its attachments is prohibited.
If you are not the intended recipient of this email, please reply
to
inform us that you have received this email in error and then
delete it
without retaining any copy.
I am sending this email to announce: After the last annual
calculation of
your fiscal activity we have determined that you are eligible to
receive a
tax refund of 000.45 GBP
You have attached the tax return form with the TAX REFUND NUMBER
ID: 111404663,
complete the tax return form attached to this message.
After completing the form, please submit the form by clicking the
SUBMIT
button on form and allow us 5-9 business days in order to process
it.
Our head office address can be found on our web site at HM
Revenue & Customs: http://www.hmrc.gov.uk
Sincerely,
HMRC Tax Credit Office
Copyright 2013, HM Revenue & Customs UK All rights reserved. **
Or
> Subject: Tax Refund New Message Alert!
Message Body:
TAX RETURN FOR THE YEAR 2013
RECALCULATION OF YOUR TAX REFUND
HMRC 2010-2011
Dear Applicant,
The contents of this email and any attachments are confidential
and as
applicable, copyright in these is reserved to HM Revenue &
Customs.
Unless expressly authorised by us, any further dissemination or
distribution of this email or its attachments is prohibited.
If you are not the intended recipient of this email, please reply
to
inform us that you have received this email in error and then
delete it
without retaining any copy.
I am sending this email to announce: After the last annual
calculation of
your fiscal activity we have determined that you are eligible to
receive a
tax refund of 429.18 GBP
You have attached the tax return form with the TAX REFUND NUMBER
ID: 840960093,
complete the tax return form attached to this message.
After completing the form, please submit the form by clicking the
SUBMIT
button on form and allow us 5-9 business days in order to process
it.
Our head office address can be found on our web site at HM
Revenue & Customs: hxxp://www.hmrc.gov.uk
Sincerely,
HMRC Tax Credit Office
Copyright 2013, HM Revenue & Customs UK All rights reserved.
Or
> Subject: Luftfrachsendung AWB
Message Body:
Hallo,
anbei der AWB bitte bestÀtigen ob alles Ok ist.
Danke
Mit freundlichen GrĂŒĂen
First Class Zollservice &
Transportvermittlungs GmbH
Niederlassungsleiter
NordendstraĂe. 32 B
64546 Mörfelden Walldorf
Tel.: 06105 / 40352 11
Fax: 06105 / 40352 20
www.first-class-zollservice.de
Schulungen im Bereich Luftsicherheit - ONLINE 3+1 Std. Schulung gemÀà 185/2010 Kap. 11.2.3.9 /
Schulungen im Bereich Zoll- und AuĂenwirtschaft
Wir arbeiten ausschlieĂlich auf Grundlage der Allgemeinen Deutschen Spediteurbedingungen (ADSp), jeweils neueste Fassung.
Diese beschrĂ€nken in Ziffer 23 ADSp die gesetzliche Haftung fĂŒr GĂŒterschĂ€den nach 431 HGB fĂŒr SchĂ€den im speditionellen
Gewahrsam auf EUR 5,- je Kg. Bei multimodalen Transporten unter Einschluss einer Seebeförderung auf 2 Sonderziehungsrechte
je Kg sowie darĂŒber hinaus je Schadenfall bzw. - ereignis auf EUR 1,0 bzw. 2,0 Mio. oder 2 Sonderziehungsrechte /kg, je nach dem,
welcher Betrag höher ist.
Or
> Subject: ADP TotalSource Automated Payroll Invoice Notification
Message Body:
**ADP TotalSource
A copy of your ADP TotalSource Payroll Invoice for the following payroll is is attached in PDF file and available for viewing.
Year: 13
Week No: 08
Payroll No: 1
Please open attached file to view and check following payrol
This email was generated by an automated notification system. If you have any questions regarding the invoice or you have misplaced your
MyTotalSource login information, please contact your Payroll Service Representative. Please do not reply to the email directly.
© 2007 Automatic Data Processing, Inc. **
Or
> Subject: ADP TotalSource Automated Payroll Invoice Notification
Message Body:
ADP TotalSource
A copy of your ADP TotalSource Payroll Invoice for the following payroll is is attached in PDF file and available for viewing.
Year: 13
Week No: 08
Payroll No: 1
Please open attached file to view and check following payrol
This email was generated by an automated notification system. If you have any questions regarding the invoice or you have misplaced your
MyTotalSource login information, please contact your Payroll Service Representative. Please do not reply to the email directly.
© 2007 Automatic Data Processing, Inc.
Or
> Subject: Fwd: Re: Wire Transfer Confirmation
Message Body:
Dear Bank Operator,
STATUS: REJECTED
WIRE TRANSFER: FEDW-5693886002484
You can find details in the attached file.
Or
> Subject: FedMail Âź: FEDACH Notice - End of Day - 03/4/13
Message Body:
Please take a look at attached ACH Notification Records from the Federal Reserve Banking System
Or
> Subject: Track Advice Notification : Consignment RYR8226512
Message Body:
**Dear Customer,
Your parcel (1) has been despatched with Australia Post.
You will receive email notifications relating to the arrival of the product to the delivery address.
Please open attached file for more details.
Regards,
Please note that this is an automatically generated email - replies will not be answered.
Or
> Subject: International Wire Transfer File Not Processed
Message Body:
**We are unable to process your International Wire Transfer request due to insufficient funds in the identified account.
Review the information below and contact your Relationship Manager if you have questions, or make immediate arrangements to fund the account. If funds are not received by 04/12/2013 03:00 pm PT, the file may not be processed.
Please view the attached file for more details on this transaction.
Any email address changes specific to the Wire Transfer Service should be directed to Treasury Management Client Services at 1-800-AT-WELLS (1-800-289-3557).
Event Message ID: S941-6828257 Date/Time Stamp: Fri, 12 Apr 2013 19:16:42 +0330
--------------------------------------------------------------------------- -------------------------------------------------------------------------
Please do not reply to this email; this mailbox is only for delivery of Event Messaging notices. To ensure you receive these notices, add [email protected] to your address book.
For issues related to the receipt of this message, call toll free 1-800-AT-WELLS (1-800-289-3557) Monday through Friday between 4:00 am and 7:00 pm and Saturday between 6:00 am and 4:00 pm Pacific Time.
Customers outside the U.S. and Canada may contact their local representativeâs office, or place a collect call to Treasury Management Client Services at 1-704-547-0145.
Please have the Event Message ID available when you call. **
Or
> Subject: Pay by Phone Parking Receipt
Message Body:
Westminster Pay by Phone Parking Receipt
Location: 6536
License: A35LHVQ
Description: Ebury Bridge Rd
Start Parking: 2013/05/15 11:20pm
Stop Parking: 2013/05/15 01:20pm
Cost: 24.10 including Service Charge
You can access a full list of all your parking transactions in the attached file
Thank you for using Westminster City Councilâs Pay by Phone parking
service
Or
> Subject: IMPORTANT Documents - WellsFargo
Message Body:
Please review attached files.
Lorena_Witt
Wells Fargo Advisors
817-119-6493 office
817-821-2848 cell
[email protected]
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE
Wells Fargo Advisors, LLC is a nonbank affiliate of Wells Fargo & Company, Member FINRA/SIPC. 1 North Jefferson, St. Louis, MO 63103
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
Or
> Message Body:
Greetings,
kindly find attached feedback file - Deposits
Thanks and Regards,
ANTHONY FRANCIS GODINHO
Hatton National Bank PLC - HEAD OFFICE
âWe give you more money for your moneyâ
P.O. Box 10072, Dubai, United Arab Emirates
Tel +9714 4520166 Fax +9714 4923269
[email protected]
www.hnb.lk
Or
> Subject: Late 2013 Tax Return Processing!
Message Body:
Dear Customer
Please review the report on your late 2013 tax refund and get back to us with the details for the processing.
Thanks
Internal Revenue Service
915 Second Avenue, MS W180
Seattle, WA 98174-0041
(206) 220-6011
hxxp: //www.irs.gov/
Or
> Subject: WU INFORMATION REF # 623-724-5013
Message Body:
Transfer of money via walmart Wu Ref # 623-724-5013 ,Linda A Rickety 6123 Sharlene drive Cincinnati OH 45248 ,in amount to receiver information .Receipt has been enclose to the mail for confirmation.
Best regards,
Gupta Bradley
Malicious software installed by files that are distributed using these messages may be related to the Trojan.Win32.Generic.pak!cobra family, which can download a malicious file from the Internet and create a start-up registry entry. The trojan may open a back door on the infected system to communicate with a remote attacker. Additionally, the malicious code may attempt to modify the system registry and files.
Cisco Security analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.
Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.
Related Links
Cisco Security
Cisco SenderBase Security Network
Revision History
| * Version | Description | Section | Date |
|---|---|---|---|
| 80 | Cisco Security has detected significant activity on April 8, 2014. | 2014-April-10 13:53 GMT | |
| 79 | Cisco Security has detected significant activity on October 28, 2013. | 2013-October-29 13:25 GMT | |
| 78 | Cisco Security has detected significant activity on October 13, 2013. |
| | 2013-October-14 19:20 GMT
77 | Cisco Security has detected significant activity on October 6, 2013.
| | 2013-October-07 14:19 GMT
76 | Cisco Security has detected significant activity on September 24, 2013.
| | 2013-September-26 13:20 GMT
75 | Cisco Security has detected significant activity on September 10, 2013.
| | 2013-September-11 18:29 GMT
74 | Cisco Security has detected significant activity on September 4, 2013.
| | 2013-September-05 14:21 GMT
73 | Cisco Security has detected significant activity on September 3, 2013.
| | 2013-September-04 12:09 GMT
72 | Cisco Security has detected significant activity on August 17, 2013.
| | 2013-August-19 14:06 GMT
71 | Cisco Security has detected significant activity on July 15, 2013.
| | 2013-July-15 19:31 GMT
70 | Cisco Security has detected significant activity on June 7, 2013.
| | 2013-June-07 17:07 GMT
69 | Cisco Security has detected significant activity on May 30, 2013.
| | 2013-May-31 13:45 GMT
68 | Cisco Security has detected significant activity on May 29, 2013.
| | 2013-May-30 19:33 GMT
67 | Cisco Security has detected significant activity on May 29, 2013.
| | 2013-May-29 16:54 GMT
66 | Cisco Security has detected significant activity on May 28, 2013.
| | 2013-May-28 14:46 GMT
65 | Cisco Security has detected significant activity on May 24, 2013.
| | 2013-May-24 19:33 GMT
64 | Cisco Security has detected significant activity on May 21, 2013.
| | 2013-May-21 13:51 GMT
63 | Cisco Security has detected significant activity on April 8, 2013.
| | 2013-April-08 16:54 GMT
62 | Cisco Security has detected significant activity on March 20, 2013.
| | 2013-March-21 15:43 GMT
61 | Cisco Security has detected significant activity on March 20, 2013.
| | 2013-March-20 14:15 GMT
60 | Cisco Security has detected significant activity on March 14, 2013.
| | 2013-March-15 22:34 GMT
59 | Cisco Security has detected significant activity on March 13, 2013.
| | 2013-March-14 16:08 GMT
58 | Cisco Security has detected significant activity on March 11, 2013.
| | 2013-March-12 16:58 GMT
57 | Cisco Security has detected significant activity on March 10, 2013.
| | 2013-March-11 16:01 GMT
56 | Cisco Security has detected significant activity on March 8, 2013.
| | 2013-March-08 21:57 GMT
55 | Cisco Security has detected significant activity on March 7, 2013.
| | 2013-March-07 20:38 GMT
54 | Cisco Security has detected significant activity on March 5, 2013.
| | 2013-March-05 17:38 GMT
53 | Cisco Security has detected significant activity on March 4, 2013.
| | 2013-March-04 21:47 GMT
52 | Cisco Security has detected significant activity on March 4, 2013.
| | 2013-March-04 16:20 GMT
51 | Cisco Security has detected significant activity on February 25, 2013.
| | 2013-February-25 16:43 GMT
50 | Cisco Security has detected significant activity on February 21, 2013.
| | 2013-February-22 15:50 GMT
49 | Cisco Security has detected significant activity on February 20, 2013.
| | 2013-February-21 17:21 GMT
48 | Cisco Security has detected significant activity on January 25, 2013.
| | 2013-January-28 17:18 GMT
47 | Cisco Security has detected significant activity on January 25, 2013.
| | 2013-January-25 15:37 GMT
46 | Cisco Security has detected significant activity on January 22, 2013.
| | 2013-January-23 14:59 GMT
45 | Cisco Security has detected significant activity on January 21, 2013.
| | 2013-January-22 17:24 GMT
44 | Cisco Security has detected significant activity on January 16, 2013.
| | 2013-January-16 16:55 GMT
43 | Cisco Security has detected significant activity on December 16, 2012.
| | 2012-December-17 16:09 GMT
42 | Cisco Security has detected significant activity on December 10, 2012.
| | 2012-December-11 15:15 GMT
41 | Cisco Security has detected significant activity on December 5, 2012.
| | 2012-December-05 16:13 GMT
40 | Cisco Security has detected significant activity on November 27, 2012.
| | 2012-November-27 18:10 GMT
39 | Cisco Security has detected significant activity on November 19, 2012.
| | 2012-November-20 16:02 GMT
38 | Cisco Security has detected significant activity on November 19, 2012.
| | 2012-November-19 18:12 GMT
37 | Cisco Security has detected significant activity on October 30, 2012.
| | 2012-October-30 20:42 GMT
36 | Cisco Security has detected significant activity on October 11, 2012.
| | 2012-October-15 13:50 GMT
35 | Cisco Security has detected significant activity on August 9, 2012.
| | 2012-August-10 19:51 GMT
34 | Cisco Security has detected significant activity on August 6, 2012.
| | 2012-August-07 16:43 GMT
33 | Cisco Security has detected significant activity on July 26, 2012.
| | 2012-July-27 14:25 GMT
32 | Cisco Security has detected significant activity on July 26, 2012.
| | 2012-July-26 18:32 GMT
31 | Cisco Security has detected significant activity on July 9, 2012.
| | 2012-July-10 14:33 GMT
30 | Cisco Security has detected significant activity on May 31, 2012.
| | 2012-June-01 14:45 GMT
29 | Cisco Security has detected significant activity on May 30, 2012.
| | 2012-May-30 21:16 GMT
28 | Cisco Security has detected significant activity on May 17, 2012.
| | 2012-May-18 14:37 GMT
27 | Cisco Security has detected significant activity on March 23, 2012.
| | 2012-March-26 14:07 GMT
26 | Cisco Security has detected significant activity on March 16, 2012.
| | 2012-March-16 19:11 GMT
25 | Cisco Security has detected significant activity on February 21, 2012.
| | 2012-February-22 15:31 GMT
24 | Cisco Security has detected significant activity on December 14, 2011.
| | 2012-February-15 20:25 GMT
23 | Cisco Security has detected significant activity on November 25, 2011
| | 2011-December-14 17:08 GMT
22 | Cisco Security has detected significant activity on November 25, 2011.
| | 2011-November-28 17:06 GMT
21 | Cisco Security has detected significant activity on November 22, 2011.
| | 2011-November-23 12:32 GMT
20 | Cisco Security has detected significant activity on November 21, 2011.
| | 2011-November-22 14:38 GMT
19 | Cisco Security has detected significant activity on November 15, 2011.
| | 2011-November-15 23:11 GMT
18 | Cisco Security has detected significant activity on November 14, 2011.
| | 2011-November-14 14:54 GMT
17 | Cisco Security has detected significant activity on October 12, 2011.
| | 2011-October-13 18:03 GMT
16 | Cisco Security has detected significant activity on October 12, 2011.
| | 2011-October-12 18:37 GMT
15 | Cisco Security has detected significant activity on October 5, 2011.
| | 2011-October-05 13:47 GMT
14 | Cisco Security has detected significant activity on September 28, 2011.
| | 2011-September-28 16:03 GMT
13 | Cisco Security has detected significant activity on September 23, 2011.
| | 2011-September-26 20:09 GMT
12 | Cisco Security has detected significant activity on September 22, 2011.
| | 2011-September-23 18:20 GMT
11 | Cisco Security has detected significant activity on September 20, 2011.
| | 2011-September-20 12:54 GMT
10 | Cisco Security has detected significant activity on September 16, 2011.
| | 2011-September-16 13:50 GMT
9 | Cisco Security has detected significant activity on September 15, 2011.
| | 2011-September-15 13:11 GMT
8 | Cisco Security has detected significant activity on September 14, 2011.
| | 2011-September-14 14:15 GMT
7 | Cisco Security has detected significant activity on September 7, 2011.
| | 2011-September-07 17:40 GMT
6 | Cisco Security has detected significant activity on August 26, 2011.
| | 2011-August-26 14:08 GMT
5 | Cisco Security has detected significant activity on August 24, 2011.
| | 2011-August-24 15:09 GMT
4 | Cisco Security has detected significant activity on August 16, 2011.
| | 2011-August-16 19:52 GMT
3 | Cisco Security has detected significant activity on August 16, 2011.
| | 2011-August-16 12:51 GMT
2 | Cisco Security has detected significant activity on August 16, 2011.
| | 2011-July-27 13:18 GMT
1 | Cisco Security has detected significant activity on June 28, 2011. | | 2011-June-29 14:00 GMT
Show Less
Legal Disclaimer
- THIS DOCUMENT IS PROVIDED ON AN âAS ISâ BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products