Threat Outbreak Alert: Fake Audio Recordings Delivery Email Messages on April 9, 2014

2014-04-09T13:11:49
ID CISCO-THREAT-33713
Type ciscothreats
Reporter Cisco
Modified 2014-04-09T13:11:49

Description

Medium

Alert ID: 33713

First Published: 2014 April 9 13:11 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages that claim to contain an audio recordings delivery for the recipient. The text in the email message attempts to convince the recipient to open the attachment to view the specifications. However, the attachment contains a malicious .7z file that, when executed, attempts to infect the system with malicious code.

Email messages that are related to this threat (RuleID9554) may contain the following files:

> Audio Recording.7z

The Audio Recording.7z file has an approximate file size of 299,755 bytes. The MD5 checksum is not available.

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: It is important you follow my directives

Message Body:

My Friend,
Someone close to you wants you to spend at least the next five years of your life behind bars. He has reported you to our organization and I am the one assigned to follow you up to gather more evidences against you. Attached to this email is a copy of the person's audio recording against you. Your name was mentioned eleven times in this recorded conversation, check if you can recognise the person's voice.
What I require is that you create a new email address which will be used for our further correspondence. Use your mobile phone number to text me your newly created email address on this number: +66928711125. The phone line is secured and cannot be traced by our organization or any other law enforcement agent. I know my reason for disclosing this important information to you at this time. Upon receiving your text, I will tell you who I am, our organization and what next you are to do.
You are to note the following and observe them, contrary to these, you will never hear from me again.
1. You are not to reply me on this email address.
2. You are not to call me on the above given number for any reason.
3. You are to text only your newly created email address to me.
4. The newly created email address must be used just for the both of us alone
4. If you know the voice in the recorded message, never approach the person until I tell you to.
5. You must not disclose anything relating to this information to another person.
Having read and understood what I have said, you are to now create a new email address and send it to me by text through your mobile phone number. I am waiting.

Cisco Security analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.

Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.

Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial Release | | 2014-April-09 13:11 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products