2013 July 10 14:59 GMT
Email messages that are related to this threat (RuleID6537) may contain the following files:
The productfile.exe file in the productfile.rar attachment has a file size of 308,816 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xAA2B875E744BA29E6A66F544D9BE405A
The following text is a sample of the email message that is associated with this threat outbreak:
> Subject: FEDERAL BUREAU OF INVESTIGATION
FEDERAL BUREAU OF INVESTIGATION
FBI Headquarters in Washington, D.C.
J. Edgar Hoover Building
935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001
Attention: FBI Official Notice: The Anti Terrorist and Monetary Crimes Division has discovered through our Global Monitoring Unit that the sum of $10,500,000.00 has been released from the Central Bank of Nigeria to the Bank of America Bearing your name as the beneficiary.
The Central Bank Of Nigeria Knowing fully well that they do not have enough facilities to effect this payment directly into your account from Nigeria, Used what is known as secret Diplomatic Transfer to effect the payment. This method of transfer is applied only when the fund is related to terrorist or money laundering activities.
If your transaction is legit and you are not related to terrorist or money laundering activities, then why must your payment be made via secrete Diplomatic Transfer? and why did you not receive the money directly into your Bank account? For security reasons, the said amount of $10,500,000.00 has been stopped by the FBI for proper investigations before final credit into your personal account.
As a matter of urgency, you are required to provide a Diplomatic Immunity Seal of transfer Certificate from the Fund Originated Country within 72 hours in order to prove that the fund you are about to receive is not related to terrorist or money laundering activities.
Failure to comply with our instructions within 72 hours, will leave us with no other option than to impound the payment and arrest you for money laundering and terrorism which will lead to jail term if you are found guilty as charged.
For further directives regarding the obtaining of the Diplomatic Immunity Seal of transfer Certificate from the Fund originated country, you are required to reconfirm your personal details as required below:
(1) Full Name
(3) Home/Cell Phone
(4) Age, Sex and Occupation
We shall monitor and facilitate the release of your payment of $10,500,000.00 into your personal account upon the confirmation of the needed diplomatic immunity seal of transfer certificate.
Final Warning: You have less than 72 hours to obtain the above mentioned certificate.
Yours In Service,
SPECIAL AGENT PETER PUTZZ
ON BEHALF OF THE FBI DIRECTOR
MR. ROBERT S. MUELLER.
Cisco Security analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.
Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products