Threat Outbreak Alert: Fake Company Financial Report Email Messages on November 15, 2013

2013-11-15T21:23:45
ID CISCO-THREAT-31788
Type ciscothreats
Reporter Cisco
Modified 2013-11-15T21:23:45

Description

Medium

Alert ID: 31788

First Published: 2013 November 15 21:23 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages that claim to contain a financial report for the recipient. The text in the email message attempts to convince the recipient to open the attachment to view the final report. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.

Email messages that are related to this threat (RuleID7886) may contain the following files:

> HSCA_report_INS1-577793513.zip
> HSCA_report_15112013.exe

The HSCA_report_15112013.exe file in the HSCA_report_INS1-577793513.zip attachment has a file size of 360,960 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xE16A61703D6F8BB688DB58CDA166DBEF
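The following added example (not part of the Cisco alert and not Cisco code) shows one way a mail gateway or triage script could inspect a .zip attachment for executable members and compare each member against the MD5 published above. The function names, the extension list and the size limit are assumptions, and the sample archive is constructed from harmless bytes.

```python
import hashlib
import io
import zipfile

ALERT_MD5 = "e16a61703d6f8bb688db58cda166dbef"  # MD5 from the alert text, lowercased
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed policy list
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap; larger members are not hashed


def triage_zip(data: bytes) -> list:
    """Return one finding per member that looks executable or matches the alert."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reasons": ["unreadable-archive"]}]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            # Windows ignores trailing dots and spaces, so strip them first.
            name = info.filename.lower().rstrip(". ")
            if name.endswith(EXECUTABLE_EXTS):
                reasons.append("executable-extension")
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be hashed here.
                reasons.append("encrypted-member")
            elif info.file_size <= MAX_MEMBER_BYTES:
                with archive.open(info) as fh:
                    content = fh.read(MAX_MEMBER_BYTES + 1)
                digest = hashlib.md5(content, usedforsecurity=False).hexdigest()
                if digest == ALERT_MD5:
                    reasons.append("alert-31788-md5-match")
                if content[:2] == b"MZ":  # DOS/PE header magic
                    reasons.append("pe-header")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed stand-in attachment: harmless bytes under the alert's file name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("HSCA_report_15112013.exe", b"MZ" + b"\x00" * 62)
        z.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_zip(build_sample()))
```

The constructed sample cannot reproduce the published MD5, so it triggers only the extension and header checks; a member whose digest equals the alert value would additionally carry `alert-31788-md5-match`.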

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: HSCA Final Report INS1-577793513
>
> Message Body:
>
> Dear customer,
> Please find attached the final report for your company INS1-577793513
> If you have any queries please contact the HSCA Compliance Team (email below).
> Kind regards,
> Stephanie Ferguson
> Administrator – Compliance
> National Customer Service Centre
> Care Quality Commission
> By Post to:
> Care Quality Commission
> Citygate
> Gallowgate
> Newcastle upon Tyne
> NE1 4PA
> E-Mail: enquiries@cqc.org.uk
> Telephone – 03000 616161
> Fax: 03000 616171
> The Care Quality Commission is the independent regulator of all health and adult social care in England. Www.cqc.org.uk. For general enquiries, telephone the National Contact Centre: 03000 616161.
> Statutory requests for information made under access to information legislation such as the Data Protection Act 1998 and the Freedom of Information Act 2000 should be sent to: information.access@cqc.org.uk.
> The contents of this email and any attachments are confidential to the intended recipient. They may not be disclosed to or used by or copied in any way by anyone other than the intended recipient. If this email is received in error, please notify us immediately by clicking "Reply" and delete the email. Please note that neither the Care Quality Commission nor the sender accepts any responsibility for viruses and it is your responsibility to scan or otherwise check this email and any attachments.
> Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of the Care Quality Commission.

Cisco Security analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.

Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial Release | | 2013-November-15 21:23 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products