2015 February 27 15:06 GMT
2015 June 30 13:19 GMT
Email messages that are related to this threat (RuleID13744 and RuleID13744KVR) may contain the following files:
| Name | Size in Bytes | MD5 Checksum |
| --- | --- | --- |
| Payment details C505069572.doc | | |
| Canceled Bpay transferU7378793.zip / BillPay cancelled payment_97428.doc | 230,830 | 0x2BF9158FA359E527387EF5D7CF26AE11 |
| Payment full details R621794167.doc | 219,136 | 0xD1B4838000E26E5653453C920A79F3F3 |
| invoice.doc | 23,439 | 0x2615E78D9FE1CC0A91A3173EB7DEA011 |
The following text is a sample of the email message that is associated with this threat outbreak:
> Subject: Final Warning!!! Dispute Number 6665871
> The Wire transfer (ID: G894991912), recently sent from your checking account, was cancelled by the Electronic Payments Association.
> Transaction Case ID 813074
> Total Amount 2243.41 USD

> Subject: Bill Pay transaction N C88787784
> The Bill Pay transfer, recently sent from your online banking account, was aborted by the Electronic Payments Association.
> BPay file Case ID W9255391
> Total Amount 22725.82 AU Dollars
> Sender contact email@example.com
> Rejection Reason See attached word file
> Please check the doc file given here to get more information about this issue.

> Message Body:
> Symantec Endpoint Protection found a security risk in an attachment from firstname.lastname@example.org.
> Attachment: Payment full details R621794167.doc
> Security risk detected: W97M.Downloader
> Action taken: Clean succeeded
> File status: Clean
> The Wire transaction (ID: B952365535), recently initiated from your checking account, was rejected by the Electronic Payments Association.

> Subject: Invoice #4845-29
> Thank you for your order which has been dispatched, please find an invoice for the goods attached.
> Please contact us immediately if you are unable to detach or download your Invoice.
> As a valued customer we look forward to your continued business.
Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.