2013 June 6 14:49 GMT
2013 July 3 17:55 GMT
E-mail messages that are related to this threat (RuleID6228 and RuleID6228KVR) may contain the following files:
> Pixmania Gift Voucher.zip
Pixmania Gift Voucher.scr
The Pixmania Gift Voucher.scr file in the Pixmania Gift Voucher.zip attachment has a file size of 68,995 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x1D7D1173FA769CD378D5D70442E14AAA
A variant of the Pixmania Gift Voucher.scr file in the Pixmania Gift Voucher.zip attachment has a file size of 89,619 bytes. The MD5 checksum is the following string: 0x87CF88122428CD55A5CB5A2786C1F794
The PaySlip.scr file in the Invoice.zip attachment has a file size of 496,321 bytes. The MD5 checksum is the following string: 0x3FFEEF5BA1F92C5AA592E6C8DF202902
The following text is a sample of the e-mail message that is associated with this threat outbreak:
> Subject: Pixmania Gift Voucher (50 EUR)
Mark has sent your a gift voucher at value of 50 EUR. This gift voucher may be redeemed against any product(s) on our website.
Value: 50 EUR
attached in a letter
Expire date: 2013-04-15
How to use gift vouchers
1.Take your pick from over 1 300 000 products on Pixmania.com.
2. Click on the "Add to basket" button and submit your order.
3. At the payment stage of the ordering process, enter the claim code on your voucher and click "Confirm". Several gift vouchers can be used to pay for the same order.
4. Your order is processed and your products are sent to you.
> Subject: Order Confirmation(TT Payment Received from your bank)
We want to acknowledge the payment you made through your bank and want you thank you for your prompt response to our agreement. I have attached copies of the receipts and invoice for your delivery tomorrow .
Thank You for your co-operation and i wish we have more successful business together.
A H Mohammed Gazzally
> Cisco Security analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.
Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products