Threat Outbreak Alert: Fake Bank Account Deposit Notification Email Messages on May 9, 2014

2014-05-09T15:56:15
ID CISCO-THREAT-34177
Type ciscothreats
Reporter Cisco
Modified 2014-05-09T15:56:15

Description

Medium

Alert ID: 34177

First Published: 2014 May 9 15:56 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages that claim to contain a bank account deposit notification for the recipient. The text in the email message attempts to convince the recipient to open the attachment to view full payment details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.

Email messages that are related to this threat (RuleID9893) may contain the following files:

> Bank Paymet.zip
> Bank Paymet.exe

The Bank Paymet.exe file size in the Bank Paymet.zip attachment is unavailable. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xc3f0aa248ee6f79900bb2952fab66304
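As an added example (not part of the Cisco alert), the following Python check does what a mail gateway would do with the indicators above: it opens .zip attachments, flags executable members, and compares each member's MD5 to the value published in this alert. The extension list, the size limit and the function names are assumptions, and the sample message is constructed with harmless bytes.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# MD5 published in the alert for Bank Paymet.exe (leading "0x" dropped).
ALERT_MD5 = {"c3f0aa248ee6f79900bb2952fab66304"}
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed list; the alert names only .exe


def scan_message(raw: bytes, known_md5=ALERT_MD5, max_member=50 * 1024 * 1024):
    """Return one finding per executable member found inside .zip attachments."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXECUTABLE_EXTS):
                    continue
                md5 = None
                # Hash only unencrypted members of sane size (zip-bomb guard).
                if not info.flag_bits & 0x1 and info.file_size <= max_member:
                    md5 = hashlib.md5(zf.read(info)).hexdigest()
                findings.append({"attachment": name, "member": info.filename,
                                 "md5": md5, "known_bad": md5 in known_md5})
    return findings


def build_sample(member="Bank Paymet.exe", body=b"constructed benign bytes"):
    """Constructed test message: a zip holding a harmless file named like the lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, body)
    msg = EmailMessage()
    msg["Subject"] = "Payment Advice"
    msg.set_content("Please see full payment details in attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Bank Paymet.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

An executable inside a .zip is reported even when its hash is not on the list, because the MD5 matches only the one sample described in this alert.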

The following text is a sample of the email message that is associated with this threat outbreak:

> Message Body:

HSBC Bank/Payme?nt Advice
To Me
Today at 3:26 PM
This payment advice is issued at the request of our customer. Your account has been credited with an inward payment.
Please see full payment details in attached
Biz Alert Ref Number : UCC28115548
Credit Amount : USD 24,351.60
Payment Method : Telegraphic Transfer
Paying Bank : HSBC BANK USA NA
Any questions, please call our customer service hotline on (852) 2748 8288.
Please do not reply to this email. The information in this BizAlert is not and should not be construed as a recommendation, an offer to sell or the solicitation of an offer to purchase or subscribe for any investment. HSBC makes no guarantee, representation or warranty and accepts no responsibility or liability as to its accuracy or completeness. The information is for reference only and are subject to change without notice.
The information contained in this email alert is confidential. It may also be legally privileged. If you are not the intended addressee, you may not copy, forward, disclose or use any part of this message. If you have received this message in error, please delete it and all copies from your system and notify the Bank immediately by contacting our customer service hotline on (852) 2748 8288.
Email communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any error or omissions which arise as a result.
Privacy and Security | Terms of Use ? Copyright. The Hongkong and Shanghai Banking Corporation Limited 2014

Cisco Security analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.

Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.


Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial Release | | 2014-May-09 15:56 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products