Threat Outbreak Alert RuleID16459: Email Messages Distributing Malicious Software on July 6, 2015

2015-07-07T19:21:10
ID CISCO-THREAT-39751
Type ciscothreats
Reporter Cisco
Modified 2015-07-07T19:21:10

Description

Medium

Alert ID: 39751

First Published: 2015 July 7 19:21 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID16459) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
Vessel Particlars & Manifest.zip / Vessel Particlars & Manifest.scr | 684,032 | 0x3A19652851054611E362FD4F4516263E
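
A mail-filter style check for the attachment described in the table above, as an added example that is not part of the Cisco alert: it walks a message's ZIP attachments, flags members with executable extensions such as `.scr`, and compares their MD5 to the alert's checksum. The extensions other than `.scr`, the size cap and the sample message are assumptions constructed for illustration.

```python
import email, hashlib, io, zipfile
from email import policy
from email.message import EmailMessage

# MD5 from the alert's file table, with the 0x prefix dropped and lower-cased.
ALERT_MD5 = "3a19652851054611e362fd4f4516263e"
# Extensions Windows runs directly; .scr is the one this alert reports.
EXECUTABLE_EXTS = (".scr", ".exe", ".com", ".pif")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap so a zip bomb is not unpacked

def scan_message(raw: bytes) -> list:
    """Return one finding per executable member found in a ZIP attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(EXECUTABLE_EXTS):
                    continue
                digest = None  # stays None for oversized or encrypted members
                if info.file_size <= MAX_MEMBER_BYTES and not info.flag_bits & 0x1:
                    digest = hashlib.md5(zf.read(info)).hexdigest()
                findings.append({
                    "attachment": part.get_filename(),
                    "member": info.filename,
                    "size": info.file_size,
                    "md5": digest,
                    "md5_match": digest == ALERT_MD5,
                })
    return findings

def build_sample() -> bytes:
    """Constructed message: harmless bytes named like the alert's attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Vessel Particlars & Manifest.scr", b"harmless placeholder")
        zf.writestr("notes.txt", b"plain text member")
    msg = EmailMessage()
    msg["Subject"] = "Agency Nomination mt DELTA TOLMI - EPDA & DISC FEES"
    msg.set_content("Dear All,")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Vessel Particlars & Manifest.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The executable-in-ZIP finding is raised even when `md5_match` is false, since a repacked file with a different hash would still arrive as a `.scr` inside an archive.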

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Agency Nomination mt DELTA TOLMI - EPDA & DISC FEES

Message Body:

Dear All,
Good day
We are the owners protecting agents for the good lady calling your good port & would like to appoint your good self as agents,
PLS TO APPOINT YOUR GOOD COMPANY AS OUR AGENT FOR DISCHARGING OPERATIONS FOR MV DELTA TOLMI AT YOUR GOOD PORT TO MANAGE ALL AGENCY BIZ
FOR SUBJ VSLS.
PLS PAY YOUR KEEN ATTENTION TO FOLLS -
AA) VSL'S DESCRIPTION / VSL CONTACT DETAILS / VSL'S MOVEMENT AS ATTACHED
- NOTICE OF READINESS : Vessel to allowed to tender NOR whether in port or not,
whether in berth or not, whether customs cleared or not, whether free pratique or not.
NOR to load/disch port shall be delivered in writing or by cable/telex/fax/email to
chtr's receiver and/or their agent.
BB) PLEASE CHECK/ ADVISE FLWS;
- EST PORT DISBURSEMENT WITH YR BANK DETAIL
- BERTHING AND WORKING PROSPECT WITH B.ETCD / LINE UP
- ACTUAL LOAD RATE PER DAY/METHOD & MAX AVAILABLE GANGS INCLUDING WORKING HOUR
- EXPECTED WEATHER CONDITION OR RECENT FORECAST
- PORT RESTRICTION FOR VSL'S LOA / DRAFT. IF ANY.
- HOLIDAYS FOR STEVEDORE & PORT AUTHORITY DURING HER PORT DAYS
- FURTHER HELPFUL INFORMATION, IF ANY
CC) INFORMATION A/O REQUIREMENT A/O INSTRUCTION
- PLEASE INFORM MASTER OF DEFINITE LOADING POSITION(LAT/LONG) TO BE
ABLE TO PROCEED TO THERE IN SHORTEST ROUTE.
- PLEASE KEEP IN TOUCH WITH MASTER FOR ALL KINDS OF INWARD PORT CLEARANCE,
AND SHIP'S CERTIFICATE REQUIRED.
- WE'RE LOOKING FWD TO YOUR BEST COOPERATION FOR SUBJ VESSEL'S
QUICKEST DESPATCH, ESPECIALLY IN SAVING PORT DAYS.
Please confirm safe receipt of this message & confirm your attendance.
Thanks & Best Regards,

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial Release | | 2015-July-07 19:21 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products