Threat Outbreak Alert RuleID14867: Email Messages Distributing Malicious Software on April 23, 2015

2015-04-23T17:13:28
ID CISCO-THREAT-38509
Type ciscothreats
Reporter Cisco
Modified 2015-04-23T17:13:28

Description

Medium

Alert ID: 38509

First Published: 2015 April 23 17:13 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID14867) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
204-2374256-3787503-credit-note.doc | 64,512 | 0x39DF166E5139AB478623F826BDB39CC3

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Refund on order 204-2374256-3787503
>
> Message Body:
>
> Dear Customer,
> Greetings from Amazon.co.uk.
> We are writing to confirm that we are processing your refund in the amount of £4.89 for your
> Order 204-2374256-3787503.
> This amount has been credited to your payment method and will appear when your bank has processed it.
> This refund is for the following item(s):
> Item: Beautiful Bitch
> Quantity: 1
> ASIN: 1476754144
> Reason for refund: Customer return
> The following is the breakdown of your refund for this item:
> Item Refund: £4.89
> Your refund is being credited as follows:
> GC: £4.89
> These amounts will be returned to your payment methods within 5 business days.
> The amount credited to your Gift Card balance should be automatically applied to your next eligible
> order on our website.
> Have an issue with your refund, or a question about our refund policy?
> Visit our Help section for more information:
> hxxp: //www.amazon.co.uk/gp/help/customer/display.html?nodeId=1161010
> Please note: The credit note for this transaction is attached to this e-mail and to open, you will
> need Adobe Reader. If you do not have an Adobe Reader, please visit the following link to download
> it: hxxp://get.adobe.com/reader/
> This credit note is the detailed breakdown of the refund showing the item(s), delivery costs and
> associated VAT for each item. This credit note is largely applicable to business customers who
> should retain it for accounting purposes. It’s not possible to redeem or use the credit
> note number from this credit note towards an order. Visit our Help pages for more information on
> refunds.
> Thank you for shopping at Amazon.co.uk.
> Sincerely,
> Amazon.co.uk Customer Service
> hxxp: //www.amazon.co.uk
> Note: this e-mail was sent from a notification-only e-mail address that cannot accept incoming e-mail.
> Please do not reply to this message.
> An advanced electronic signature has been attached to this electronic credit note. To add the certificate
> as a trusted certificate, please follow these instructions:
> 1. Click on the 'Signature Panel' in the upper right corner
> 2. Expand the drop-down in the newly opened Signatures menu, expand the 'Signature Details' drop-down and
> click 'Certificate Details'
> 3. In the Certificate Viewer box click on the 'Trust' tab, click 'Add To Trusted Certificates' and then
> click OK
> 4. In the Import Contact Settings box, ensure that 'Use this certificate as a trusted root' is selected,
> click OK, and then click OK again

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial Release | | 2015-April-23 17:13 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products