Threat Outbreak Alert RuleID12075: Email Messages Distributing Malicious Software on October 23, 2014

2014-10-23T14:37:51
ID CISCO-THREAT-36175
Type ciscothreats
Reporter Cisco
Modified 2014-10-24T12:08:12

Description

Medium

Alert ID: 36175
First Published: 2014 October 23 14:37 GMT
Last Updated: 2014 October 24 12:08 GMT
Version: 3

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID12075 and RuleID12075KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
Informationen_1505.zip / information_1402_please_read_r7vkhsa05qcw2xsdx2vx.scr | 366,080 | 0x1D724B956B87A40BD43A907E918E12E2
wichtig_4108.zip / information_1402_please_read_m09pck0m5hc9e0sdcr9d.scr | 366,080 | 0xF583BDDA4345257BF9290A122B607196
wichtig_0989.zip / information_1402_please_read_1bdbz0ieoqu2d2ae5bzq.scr | 366,080 | 0xDD074D69264D79AE934245AAC71342AB
wichtig_2246.zip / information_1402_please_read_1r8r1o8qemsp0f85jqe8.scr | 366,080 | 0xFE4415B0C6A9E31E7F597EDAF4D2A881
important_183.zip / information_1402_please_read_t1wqkijfprn4kpnx4p17.scr | 366,080 | 0x832A5B88CBB0F35C0DC86EAB471E3B98
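As an added, defender-side example that is not part of the Cisco alert: a small Python checker that normalizes the alert's "0x"-prefixed MD5 values and flags extracted attachments by hash, by the ZIP/SCR naming pattern, and by the shared 366,080-byte payload size. Only the hashes, file names and size come from the table above; the sample gateway records, the function names and the regular expressions are constructed here for illustration.

```python
import hashlib
import re

# Indicators taken from the alert's file table (RuleID12075 / RuleID12075KVR).
# The alert prints MD5 checksums with a "0x" prefix; they are stored here as
# lowercase hex so that comparisons do not depend on that notation.
ALERT_MD5 = {
    "1d724b956b87a40bd43a907e918e12e2",
    "f583bdda4345257bf9290a122b607196",
    "dd074d69264d79ae934245aac71342ab",
    "fe4415b0c6a9e31e7f597edaf4d2a881",
    "832a5b88cbb0f35c0dc86eab471e3b98",
}
ALERT_SIZE = 366080  # every listed payload is exactly 366,080 bytes

# Naming pattern shared by the listed attachments: a ZIP whose inner payload is
# "information_1402_please_read_<20 lowercase alphanumerics>.scr".
# (Regular expressions are an assumption generalizing the five listed names.)
ZIP_NAME = re.compile(r"^(?:Informationen|wichtig|important)_\d+\.zip$", re.IGNORECASE)
SCR_NAME = re.compile(r"^information_1402_please_read_[a-z0-9]{20}\.scr$")


def normalize_md5(value):
    """Accept '0xABC...' or 'abc...' and return 32 lowercase hex characters."""
    value = value.strip().lower()
    if value.startswith("0x"):
        value = value[2:]
    if len(value) != 32 or any(c not in "0123456789abcdef" for c in value):
        raise ValueError("not an MD5 hex digest: %r" % value)
    return value


def md5_hex(data):
    """MD5 of raw attachment bytes, in the same form normalize_md5 returns."""
    return hashlib.md5(data).hexdigest()


def classify_attachment(zip_name, inner_name, size, md5):
    """Return (verdict, reasons) for one extracted attachment.

    verdict is 'known-bad' on an exact hash match, 'suspicious' when only the
    naming pattern or the size/extension combination matches, else 'clean'.
    """
    reasons = []
    if normalize_md5(md5) in ALERT_MD5:
        reasons.append("MD5 listed in alert 36175")
        return "known-bad", reasons
    if ZIP_NAME.match(zip_name) and SCR_NAME.match(inner_name):
        reasons.append("ZIP/SCR naming pattern matches alert 36175")
    if size == ALERT_SIZE and inner_name.lower().endswith(".scr"):
        reasons.append("366,080-byte .scr payload, same size as listed samples")
    return ("suspicious" if reasons else "clean"), reasons


# Constructed sample records (not from the alert): what a mail gateway might log
# after extracting attachments. The first is a listed sample; the second reuses
# the naming pattern with an unlisted hash; the third is an ordinary attachment.
SAMPLE_ATTACHMENTS = [
    ("wichtig_4108.zip", "information_1402_please_read_m09pck0m5hc9e0sdcr9d.scr",
     366080, "0xF583BDDA4345257BF9290A122B607196"),
    ("wichtig_7777.zip", "information_1402_please_read_abcdefghij0123456789.scr",
     366080, "0x" + "0" * 32),
    ("report.zip", "report.pdf", 1024, "0x" + "1" * 32),
]


def scan(records=SAMPLE_ATTACHMENTS):
    """Classify every record; returns a list of (zip_name, verdict, reasons)."""
    return [(z, *classify_attachment(z, i, s, h)) for z, i, s, h in records]


if __name__ == "__main__":
    for zip_name, verdict, reasons in scan():
        print("%-22s %-10s %s" % (zip_name, verdict, "; ".join(reasons)))
```

The hash match is the only exact indicator; the name and size checks exist because the table shows the campaign rotating the ZIP name and the random suffix while keeping the payload size constant, so a record that matches those without a listed hash is worth quarantining for analysis rather than blocking outright.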

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: 4e03252a5df0eb7a5b570a8968062baf
>
> Message Body:
>
> Sehr geehrter Kunde,
> Ihre fällige Rechnung #39478 finden Sie im Anhang.
> Bitte begleichen Sie diese Rechnung bis spätestens 01.01.2015.
> Wir danken Ihnen für die Zusammenarbeit und hoffen dass Sie mit unseren Service zufrieden sind.
> Hochachtungsvoll

(Translation: Dear customer, please find your invoice #39478, now due, attached. Please settle this invoice by 01.01.2015 at the latest. We thank you for your cooperation and hope you are satisfied with our service. Yours faithfully)

Or

> Subject: 9db72204b404ab3ef30cccfe94f3b1b4
>
> Message Body:
>
> Alle laufenden Arbeiten wurden rechtzeitig durchgeführt ,ich verstehe nicht warum Sie immer noch nicht bezahlt haben und mir 7831 euro schulden.Kostenplan im Anhang.

(Translation: All ongoing work was carried out on time; I do not understand why you still have not paid and owe me 7831 euros. Cost plan attached.)

Or

> Subject: 7800a261c67a983aabd31338dd55fe68
>
> Message Body:
>
> Alle laufenden Arbeiten wurden rechtzeitig durchgeführt ,ich verstehe nicht warum Sie immer noch nicht bezahlt haben und mir 4296 euro schulden.Kostenplan im Anhang.

(Translation: All ongoing work was carried out on time; I do not understand why you still have not paid and owe me 4296 euros. Cost plan attached.)

Or

> Subject: WG: invoice
>
> Message Body:
>
> "Herdam-Fotoverlag@t-online.de" schrieb am 1:14 Donnerstag, 23.Oktober 2014:
> Alle laufenden Arbeiten wurden rechtzeitig durchgeführt ,ich verstehe nicht warum Sie immer noch nicht bezahlt haben und mir 0322 euro schulden.Kostenplan im Anhang.

(Translation: "Herdam-Fotoverlag@t-online.de" wrote at 1:14 on Thursday, 23 October 2014: All ongoing work was carried out on time; I do not understand why you still have not paid and owe me 0322 euros. Cost plan attached.)

Or

> Subject: bc934a00db9f757e026bc46e46728382
>
> Message Body:
>
> Hello! New important information about invoice was attached with email. Please reply

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
3 | Cisco Security has detected significant activity on October 23, 2014. | | 2014-October-24 12:08 GMT
2 | Cisco Security has detected significant activity on October 23, 2014. | | 2014-October-24 11:55 GMT
1 | Cisco Security has detected significant activity on October 23, 2014. | | 2014-October-23 14:37 GMT

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products