Threat Outbreak Alert RuleID10429: Email Messages Distributing Malicious Software on September 15, 2014

2014-06-24T18:09:19
ID CISCO-THREAT-34697
Type ciscothreats
Reporter Cisco
Modified 2014-09-17T15:09:06

Description

Medium

Alert ID: 34697
First Published: 2014 June 24 18:09 GMT
Last Updated: 2014 September 17 15:09 GMT
Version: 4

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID10429 and RuleID4626KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
Photo_NIK24062014.rar / Photo_NIK24062014.scr | 325,632 | 0xAD4CD14916AA875C0ADF3395BF4B0909
Invoice.zip / Invoice.scr | 909,824 | 0x6CD8ACC59B7F352A3A25DF890B7E0CAA
DeltaTicket_ET-RM-0HJ08546868.zip / DeltaTicket_ET-RM-0HJ08546868.exe | 144,384 | 0x98AD9E61F4578CC658E860935B8BEDBA
Invoice_Advice 768171-pdf.zip / DOC0001116784759839736768171-pdf.exe | 878,080 | 0x59DC9390926A914CC854572480009286
Invoice_1904871.pdf.zip / Invoice_1904871.exe | 20,480 | 0x211D408B7282A59F06B95CE011D40C6A
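As a defender-side illustration of how the indicators in the table above can be put to work, here is an added Python example; it is not part of the Cisco alert, and the gateway attachment records it scans are constructed. It indexes the table's hashes and file names, normalizes the `0x`-prefixed MD5 notation the alert uses so hashes from other sources compare equal, and also flags the naming pattern the samples share: an executable (.exe/.scr) delivered inside an archive whose name suggests an invoice, ticket or photo. The `Attachment` record, the `assess`/`scan` functions and the lure-word list are assumptions of this example, not a Cisco API.

```python
import re
from dataclasses import dataclass

# Indicators transcribed from the alert's table (RuleID10429 / RuleID4626KVR):
# archive / payload names as printed, size in bytes, MD5 as printed.
ALERT_INDICATORS = [
    ("Photo_NIK24062014.rar / Photo_NIK24062014.scr", 325632, "0xAD4CD14916AA875C0ADF3395BF4B0909"),
    ("Invoice.zip / Invoice.scr", 909824, "0x6CD8ACC59B7F352A3A25DF890B7E0CAA"),
    ("DeltaTicket_ET-RM-0HJ08546868.zip / DeltaTicket_ET-RM-0HJ08546868.exe", 144384, "0x98AD9E61F4578CC658E860935B8BEDBA"),
    ("Invoice_Advice 768171-pdf.zip / DOC0001116784759839736768171-pdf.exe", 878080, "0x59DC9390926A914CC854572480009286"),
    ("Invoice_1904871.pdf.zip / Invoice_1904871.exe", 20480, "0x211D408B7282A59F06B95CE011D40C6A"),
]

ARCHIVE_EXT = {".zip", ".rar"}
EXECUTABLE_EXT = {".exe", ".scr"}
# Lure words taken from the alert's file names (assumed list, extend as needed).
DOCUMENT_HINT = re.compile(r"\.pdf|-pdf|invoice|ticket|photo|advice", re.IGNORECASE)


def normalize_md5(value: str) -> str:
    """Strip the '0x' prefix the alert uses and lowercase, so a hash from a
    gateway log, a sandbox report or the alert itself compares equal."""
    digest = value.strip().lower()
    if digest.startswith("0x"):
        digest = digest[2:]
    if not re.fullmatch(r"[0-9a-f]{32}", digest):
        raise ValueError(f"not a 32-hex-digit MD5: {value!r}")
    return digest


def split_names(column: str) -> list[str]:
    """'Invoice.zip / Invoice.scr' -> ['Invoice.zip', 'Invoice.scr']."""
    return [part.strip() for part in column.split("/") if part.strip()]


def build_index(rows):
    """Index indicators by digest and by lowercased file name. The alert does
    not say whether the hash is the archive's or the payload's, so both names
    map to the same (size, digest) pair."""
    by_hash, by_name = {}, {}
    for names, size, md5 in rows:
        digest = normalize_md5(md5)
        by_hash[digest] = names
        for name in split_names(names):
            by_name[name.lower()] = (size, digest)
    return by_hash, by_name


def ext_of(name: str) -> str:
    match = re.search(r"\.[A-Za-z0-9]+$", name)
    return match.group(0).lower() if match else ""


def masquerading_executable(archive: str, inner: str) -> bool:
    """Executable inside an archive whose names promise a document or photo,
    the Invoice_1904871.pdf.zip -> Invoice_1904871.exe pattern from the alert."""
    return (ext_of(archive) in ARCHIVE_EXT
            and ext_of(inner) in EXECUTABLE_EXT
            and DOCUMENT_HINT.search(archive + " " + inner) is not None)


@dataclass
class Attachment:
    archive: str   # name of the attached archive
    inner: str     # name of the file extracted from it
    size: int      # size in bytes of the hashed file
    md5: str       # as the gateway reports it: any case, with or without 0x


def assess(att: Attachment, by_hash, by_name) -> list[str]:
    """Return the reasons to quarantine an attachment; an empty list means clean."""
    reasons = []
    digest = normalize_md5(att.md5)
    if digest in by_hash:
        reasons.append(f"md5 matches alert indicator: {by_hash[digest]}")
    known = by_name.get(att.inner.lower()) or by_name.get(att.archive.lower())
    if known and known[0] == att.size and known[1] != digest:
        reasons.append("name and size match an indicator but hash differs (repacked sample?)")
    if masquerading_executable(att.archive, att.inner):
        reasons.append(f"executable {att.inner!r} behind document-like archive {att.archive!r}")
    return reasons


# Constructed gateway records, not from the alert. The first reuses a digest
# from the table so a hash match is exercised; the others use made-up digests.
SAMPLE_ATTACHMENTS = [
    Attachment("Invoice_1904871.pdf.zip", "Invoice_1904871.exe", 20480, "211d408b7282a59f06b95ce011d40c6a"),
    Attachment("Invoice_Advice 768171-pdf.zip", "DOC0001116784759839736768171-pdf.exe", 878080, "0x" + "0" * 32),
    Attachment("Photos.rar", "holiday.scr", 1200, "0x" + "1" * 32),
    Attachment("report_2014Q3.zip", "report_2014Q3.pdf", 48213, "0x" + "f" * 32),
]


def scan(attachments=SAMPLE_ATTACHMENTS, rows=ALERT_INDICATORS) -> dict[str, list[str]]:
    by_hash, by_name = build_index(rows)
    return {att.archive: assess(att, by_hash, by_name) for att in attachments}


if __name__ == "__main__":
    for name, reasons in scan().items():
        print(f"{name}: {'QUARANTINE' if reasons else 'clean'}")
        for reason in reasons:
            print(f"  - {reason}")
```

The name-and-size check exists because hash indicators age quickly: a repacked sample keeps the lure file name and often the size while the MD5 changes, so it is reported separately from an exact hash hit and a reviewer can weigh it accordingly.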

The following text is a sample of the email message that is associated with this threat outbreak:

> Message Body:

Please find attached TT payment made to your account today, quickly confirm our client receipt who ordered us to make the payment. Download attached invoice and reply now.
Thank You,
Mrs. Corrine

Or

> Subject: Please download your ticket #00829179

> Message Body:

Order Notification,
E-TICKET / ET-RM-0HJ08546868
SEAT / 24A/ZONE 2
DATE / TIME 4 OCTOBER, 2014, 09:35 AM
ARRIVING / Shreveport
FORM OF PAYMENT / CC
TOTAL PRICE / 219.77 USD
REF / EF.6378 ST / OK
BAG / 2PC
Your bought ticket is attached.
You can print your ticket.

Or

> Message Body:

hxxp://www.standardchartered.com
Dear Sir/Madam,
We are pleased to attach your bank beneficiary advice with this email, based on the payment instruction from our customer to you.
Should you have any enquiry or require assistance, please contact your payor (our customer) at the contact number stated in the attached advice invoice.
Please note that you will need Adobe Acrobat Reader Version 5.0 or above to view your advice. If you do not have the required software, you can download it from the Adobe website at www.adobe.com
This is a system generated e-mail. Please do not reply to the sender of this e-mail.
Best Regards,
Customer Service Manager

> Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
4 | Cisco Security has detected significant activity on September 15, 2014. | | 2014-September-17 15:09 GMT
3 | Cisco Security has detected significant activity on September 2, 2014. | | 2014-September-03 13:37 GMT
2 | Cisco Security has detected significant activity on August 19, 2014. | | 2014-August-20 12:10 GMT
1 | Cisco Security has detected significant activity on June 24, 2014. | | 2014-June-24 18:09 GMT

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products