Threat Outbreak Alert RuleID15376: Email Messages Distributing Malicious Software on May 19, 2015

2015-05-19T18:26:51
ID CISCO-THREAT-38916
Type ciscothreats
Reporter Cisco
Modified 2015-05-20T12:36:45

Description

Medium

Alert ID:

38916

First Published:

2015 May 19 18:26 GMT

Last Updated:

2015 May 20 12:36 GMT

Version:

2

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID15376 and RuleID15376KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
juhave_B4F7714B03.doc
| 19,391
| 0xA448EF42E59FA34BF75F89E3FC0185F1

8AEB_32EB1CA3D.doc | 19,404 | 0xC7EAD15CFA70902CAE5618C4DE04BF13

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Your cognizance is in great necessity,HOWDEN JOINERY GROUP PLC

Message Body:

Please, see the attached copy of the remittance.
Please, can you send forward a revised affirmative so we can specify any outstanding balances.
Kind Regards,
Marco Farmer

Or

>
Subject: Essential information 587432,2015/05/19 17:51

Message Body:

Good Afternoon,
We have got a payment from you for the sum of € 1893. Please would you provide me with a transfer, in order for me to coordinate the proposition.
I will be transmitting you a notice of outstanding accounts tomorrow, the full number of outstanding is € 4005 less the 1 reckoning received making a total outstanding of € 2112. We would very much appreciate settlement of this.
As previously alluded we altered to a restricted company on 1st December 2014. We are keen to close all the old accounts down, for both tax and year end reasons. We would be very grateful in your assistance in ascertaining the outstanding.
If you need any pattern of accounts please do not hesitate to contact us
Regards,
Lorna Bowman

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

  • Version | Description | Section | Date
    ---|---|---|---
    2 | Cisco Security has detected significant activity on May 19, 2015. | | 2015-May-20 12:36 GMT
    1 | Cisco Security has detected significant activity on May 19, 2015. | | 2015-May-19 18:26 GMT
    Show Less

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products