Threat Outbreak Alert RuleID17891: Email Messages Distributing Malicious Software on October 8, 2015

2015-09-10T16:08:05
ID CISCO-THREAT-40929
Type ciscothreats
Reporter Cisco
Modified 2015-10-08T13:49:35

Description

Medium

Alert ID: 40929
First Published: 2015 September 10 16:08 GMT
Last Updated: 2015 October 8 13:49 GMT
Version: 6

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID17891 and RuleID17891KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
inkasso.zip / inkasso.scr | 318,976 | 0x673143B0D5F298843A29FEAF28818105
Invoice.zip / Invoice.scr | 45,056 | 0xCB489A2272ABA02EF2A471DC7426F806
Receipt Althea Judd.zip / receipt.scr | 45,056 | 0x33AE2B2ADA933A2FAEDD8146FCB53875
Invoice.zip / Invoice.scr | 200,704 | 0xDB66F0824DEA82F2EE7A71EA4393BC73
payment slip.zip / invoice.scr | 196,608 | 0x9C6836D7951C30B1274C9B15F8143E39
Invoice.zip / Invoice.scr | 40,960 | 0xC221D99D5A1D0D52EAA5E6FE92F2F076

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Inkasso Buro

Message Body:

Rechtsanwalt Aufforderung Zahlung Luisa Pohl Inkasso Büro
(Dokumente zur Voruntersuchung in Zip file !)
Sehr geehrte/r kunde,
mit der ausgelieferten Bestellung vom 15.05.2015 haben Sie sich gesetzlich verpflichtet
die Rechnung von 420,00 Euro an unseren Mandanten zu zahlen.
Dieser Verpflichtung sind Sie bis heute nicht nachgekommen.
Weiterhin sind Sie aus Gründen des Verzuges verpflichtet
die Kosten unserer Beauftragung zu tragen.
Unser Anwalt-Büro wurden von Buch GmbH beauftragt die finanziellen Interessen zu vertreten.
Die Bevollmächtigung wurde anwaltlich schriftlich zugesichert.
Die zusätzlichen Kosten unserer Inanspruchnahme errechnen sich gemäß folgender Kostenrechnung:
17,00 Euro (nach Nummer 8149 RGV)
17,00 Euro (Pauschale gemäß RVG § 4 Abs. 1 und 2)
Wir zwingen Sie mit Kraft unserer Mandantschaft den gesamten Betrag auf das Konto unseren Mandanten zu überweisen.
Die Kontodaten und die Einzelheiten der Bestellung finden Sie im angehängtem Ordner.
Für den Eingang der Zahlung setzten wir Ihnen eine letzte Frist bis zum 22.11.2015.
Dokumente zur Voruntersuchung in Zip file !
Mit freundliche Grüßen Luisa Pohl Inkasso-Büro

English translation of the German sample above (the original wording is kept because it is what the filter matches on):

Lawyer's demand for payment, Luisa Pohl debt collection office
(Documents for the preliminary investigation in zip file!)
Dear customer,
with the order delivered on 15.05.2015 you legally committed yourself
to pay the invoice of 420.00 euros to our client.
To date you have not met this obligation.
Furthermore, because you are in default, you are obliged
to bear the costs of our engagement.
Our law office has been instructed by Buch GmbH to represent its financial interests.
The power of attorney was confirmed in writing by the lawyer.
The additional costs of our engagement are calculated according to the following cost statement:
17.00 euros (under number 8149 RGV)
17.00 euros (flat fee under RVG § 4 paras. 1 and 2)
We compel you, on the authority of our client, to transfer the entire amount to our client's account.
The account details and the details of the order can be found in the attached folder.
We set you a final deadline of 22.11.2015 for receipt of the payment.
Documents for the preliminary investigation in zip file!
Kind regards, Luisa Pohl debt collection office

Or

> Subject: Payment Overdue

Message Body:

Please find attached your invoices for the past months.
Remit the payment by 11/09/2015 as outlines under our "Payment Terms" agreement.
Thank you for your business,
Sincerely,

Or

> Subject: A for guest Althea Judd

Message Body:

Thank you for choosing our hotel and we very much hope that you enjoyed your stay with us.
Enclosed is a copy of your receipt.
Should you require any further assistance please do not hesitate to contact us directly.
We look forward to welcoming you back in the near future.
This is an automatically generated message. Please do not reply to this email address.

Or

> Subject: Balance Payment

Message Body:

Today we have able to remit the total amount of US$ 95,704.97 to your account. Details of our payments are as follows:
Cont. #41 SPV001/April/15 US$95,799.13 - 11,748.82 (50% disc. For R008 & R016) =
Cont. #42 EXSQI013/May/5 US$55,154.66
Total Remittance: US$ 95,704.97
Attached is the TT copy, check with your bank and let us know when you will proceed with shipment.
Thanks & best regards,

Or

> Subject: September balance payment

Message Body:

Today we have able to remit the total amount of US$ 51,704.97 to your account.
Details of our payments are as follows:
Cont. #41 SPV001/April/15 US$34,299.13 - 11,748.82 (50% disc. For R008
& R016) =
Cont. #42 EXSQI013/May/5 US$29,154.66
--------------------
Total Remittance: US$ 51,704.97
Attached is the TT copy, check with your bank and let us know when you
will proceed
with shipment.
Thank you very much.
Best regards,

Or

> Subject: Payment Overdue

Message Body:

Please find attached your invoices for the past months.
Remit the payment by 07/10/2015 as outlines under our "Payment Terms" agreement.
Thank you for your business,
Sincerely,

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
6 | Cisco Security has detected significant activity on October 8, 2015. | | 2015-October-08 13:49 GMT
5 | Cisco Security has detected significant activity on September 30, 2015. | | 2015-October-02 13:33 GMT
4 | Cisco Security has detected significant activity on September 29, 2015. | | 2015-September-29 20:08 GMT
3 | Cisco Security has detected significant activity on September 17, 2015. | | 2015-September-21 13:14 GMT
2 | Cisco Security has detected significant activity on September 11, 2015. | | 2015-September-14 13:14 GMT
1 | Cisco Security has detected significant activity on September 10, 2015. | | 2015-September-10 16:08 GMT

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products