Threat Outbreak Alert RuleID17106: Email Messages Distributing Malicious Software on August 3, 2015

2015-08-03T19:52:29
ID CISCO-THREAT-40308
Type ciscothreats
Reporter Cisco
Modified 2015-08-03T19:52:29

Description

Medium

Alert ID: 40308

First Published: 2015 August 3 19:52 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID17106KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
2015-07-Bill.docm | 26,835 | 0xC6AD4EF26992DD6EAA01602CEDB4104D

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Your latest Chess Bill Is Ready
>
> Message Body:
>
> Your bill summary
> Account number: 24583
> Invoice Number: 2398485
> Bill date: July 2015
> Amount: £17.50
> How can I view my bills?
> Your Chess bill is ready and waiting for you online. To check out your detailed bill, previous bills and any charges you've incurred since your last bill, just sign into My Account www.chesstelecom.com/myaccount
> Forgotten your sign in details?
> If you've forgotten your sign in details, no problem, you can reset these by choosing hxxp://www.chesstelecom.com/lost_password.
> Making payments is easy!
> If you want to make a credit or debit card payment you can do online by choosing hxxp://www.chesstelecom.com/online_payment
> You don't need to do anything if you pay by direct debit, we will collect your payment automatically on or after 30th June. If you pay by cheque, details of how to pay us are available on the invoice.
> Switch to Direct Debit today and you'll save at least £60.00 a year, simply call our dedicated team on 0844 770 6060.
> Anything else you'd like to know?
> Why not visit our support section at www.chesstelecom.com/support.
> This e-mail has been sent from a Mailbox belonging to Chess Telecom,
> registered office Bridgford House, Heyes Lane, Alderley Edge, Cheshire, SK9 7JP.
> Registered in England, number 2797895. Its contents are confidential to the
> intended recipient.
> If you receive in error, please notify Chess Telecom on
> +44 (0)800 019 8900 immediately quoting the name of the sender, the email
> address to which it has been sent and then delete it; you may not rely on its
> contents nor copy/disclose it to anyone.
> Opinions, conclusions and statements
> of intent in this email are those of the sender and will not bind Chess Telecom
> unless confirmed by an authorised representative independently of this message.
> We do not accept responsibility for viruses; you must scan for these.
> Please
> note that emails sent to and from Chess Telecom are routinely monitored for
> record keeping, quality control and training purposes, to ensure regulatory
> compliance and to prevent viruses and unauthorised use of our computer
> systems.
> Thank you for your co-operation.
> Quotations are subject to terms and conditions, exclude VAT and are
> subject to site survey.
> E&OE

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial Release | | 2015-August-03 19:52 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products