Threat Outbreak Alert RuleID13744: Email Messages Distributing Malicious Software on June 29, 2015.

2015-02-27T15:06:59
ID CISCO-THREAT-37617
Type ciscothreats
Reporter Cisco
Modified 2015-06-30T13:19:14

Description

Medium

Alert ID:

37617

First Published:

2015 February 27 15:06 GMT

Last Updated:

2015 June 30 13:19 GMT

Version:

4

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID13744 and RuleID13744KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
Payment details C505069572.doc | 217,088 | 0x4ADED3ABA517C132789C421FF47BF808
Canceled Bpay transferU7378793.zip / BillPay cancelled payment_97428.doc | 230,830 | 0x2BF9158FA359E527387EF5D7CF26AE11
Payment full details R621794167.doc | 219,136 | 0xD1B4838000E26E5653453C920A79F3F3
invoice.doc | 23,439 | 0x2615E78D9FE1CC0A91A3173EB7DEA011

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Final Warning!!! Dispute Number 6665871

Message Body:

The Wire transfer (ID: G894991912), recently sent from your checking account, was cancelled by the Electronic Payments Association.
Canceled transfer
Transaction Case ID 813074
Total Amount 2243.41 USD

Or

> Subject: Bill Pay transaction N C88787784

Message Body:

The Bill Pay transfer, recently sent from your online banking account, was aborted by the Electronic Payments Association.
Denied transfer
BPay file Case ID W9255391
Total Amount 22725.82 AU Dollars
Sender contact mark.reay@dempseygroup.com.au
Rejection Reason See attached word file
Please check the doc file given here to get more information about this issue.

Or

Message Body:

Symantec Endpoint Protection found a security risk in an attachment from partners@tcyonline.com.
Attachment: Payment full details R621794167.doc
Security risk detected: W97M.Downloader
Action taken: Clean succeeded
File status: Clean
The Wire transaction (ID: B952365535), recently initiated from your checking account, was rejected by the Electronic Payments Association.
Rejected transfer

Or

> Subject: Invoice #4845-29

Message Body:

Hi there!
Thank you for your order which has been dispatched, please find an invoice for the goods attached.
Please contact us immediately if you are unable to detach or download your Invoice.
As a valued customer we look forward to your continued business.
Cheers,
Accounts Department
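Added example, not code from the Cisco alert: a Python triage script that hashes the attachments of an .eml file (including the .doc packed inside a .zip, the layering the second table row describes), compares the digests against the MD5 checksums listed above, and flags the subject phrasing used by the sample messages. Only the checksums and the subject wording come from the alert; the message, the addresses and the attachment bytes the script builds are constructed placeholders and are not the real malicious documents.

```python
"""Triage an .eml file against the indicators in Cisco alert 37617 (RuleID13744).

Added example for this page, not code from the Cisco alert. The MD5 list and the
subject phrases are taken from the alert; the message, addresses and attachment
bytes constructed below are placeholders and are not the real malicious files.
"""
import email
import hashlib
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# MD5 checksums of the attachments listed in the alert (lower-case, "0x" dropped).
ALERT_37617_MD5S = frozenset({
    "4aded3aba517c132789c421ff47bf808",  # Payment details C505069572.doc
    "2bf9158fa359e527387ef5d7cf26ae11",  # Canceled Bpay transferU7378793.zip
    "d1b4838000e26e5653453c920a79f3f3",  # Payment full details R621794167.doc
    "2615e78d9fe1cc0a91a3173eb7dea011",  # invoice.doc
})

# Subject phrasing seen in the alert's sample messages (a weaker signal than a hash hit).
SUBJECT_PATTERNS = (
    re.compile(r"\bDispute Number\s+\d+", re.I),
    re.compile(r"\bBill Pay transaction\b", re.I),
    re.compile(r"^\s*Invoice\s*#\s*[\d-]+", re.I),
)

LURE_EXTENSIONS = (".doc", ".zip")
MAX_MEMBER_BYTES = 20_000_000  # skip zip members whose declared size is absurd


def md5_hex(data: bytes) -> str:
    """Hex MD5, the format the alert uses for its checksums."""
    return hashlib.md5(data).hexdigest()


def expand_attachment(name: str, data: bytes):
    """Yield (name, bytes) for the attachment itself and, when it is a zip,
    for each member. The alert lists a .zip whose payload is a .doc, so both
    the archive and the document inside it have to be hashed."""
    yield name, data
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                yield f"{name}/{info.filename}", zf.read(info)


def scan_message(raw: bytes, known_md5s=ALERT_37617_MD5S) -> dict:
    """Return hash hits, subject hits, the attachment inventory and an overall verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "") or "")
    findings = {
        "subject_hits": [p.pattern for p in SUBJECT_PATTERNS if p.search(subject)],
        "hash_hits": [],
        "attachments": [],  # (name, size, md5) for every layer inspected
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        for inner_name, data in expand_attachment(name, payload):
            digest = md5_hex(data)
            findings["attachments"].append((inner_name, len(data), digest))
            if digest in known_md5s:
                findings["hash_hits"].append((inner_name, digest))
    has_lure_file = any(n.lower().endswith(LURE_EXTENSIONS) for n, _, _ in findings["attachments"])
    # A hash match is conclusive; lure wording alone only counts when a .doc/.zip rides along.
    findings["suspicious"] = bool(findings["hash_hits"]) or (bool(findings["subject_hits"]) and has_lure_file)
    return findings


SAMPLE_DOC_BYTES = b"constructed placeholder, not a real Word document"


def build_sample_eml() -> bytes:
    """Constructed message modelled on the 'Bill Pay' lure in the alert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("BillPay cancelled payment_97428.doc", SAMPLE_DOC_BYTES)
    m = EmailMessage()
    m["Subject"] = "Bill Pay transaction N C88787784"
    m["From"] = "sender@example.invalid"    # placeholder address
    m["To"] = "recipient@example.invalid"   # placeholder address
    m.set_content("The Bill Pay transfer was aborted. Rejection Reason See attached word file.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="Canceled Bpay transferU7378793.zip")
    return m.as_bytes()


if __name__ == "__main__":
    result = scan_message(build_sample_eml())
    for name, size, digest in result["attachments"]:
        print(f"{name}  {size} bytes  md5={digest}")
    print("subject hits:", result["subject_hits"])
    print("hash hits:", result["hash_hits"])
    print("suspicious:", result["suspicious"])
```

Two caveats apply when using this against real mail. An MD5 match identifies only the exact files Cisco observed; the same campaign repacked with a different macro body or a different zip timestamp will not match, so the subject heuristic is there to catch the lure wording, and it is deliberately weak (it fires only when a .doc or .zip attachment is present). The zip member size check is a guard against archives whose declared member size is implausible, not a full zip-bomb defence; a production scanner should also cap total decompressed bytes.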

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
4 | Cisco Security has detected significant activity on June 29, 2015. | | 2015-June-30 13:19 GMT
3 | Cisco Security has detected significant activity on April 28, 2015. | | 2015-April-28 13:42 GMT
2 | Cisco Security has detected significant activity on March 18, 2015. | | 2015-March-19 13:35 GMT
1 | Cisco Security has detected significant activity on February 26, 2015. | | 2015-February-27 15:06 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products