Threat Outbreak Alert RuleID17954: Email Messages Distributing Malicious Software on September 12, 2015

2015-09-14T13:55:17
ID CISCO-THREAT-40982
Type ciscothreats
Reporter Cisco
Modified 2015-09-14T13:55:17

Description

Medium

Alert ID: 40982

First Published: 2015 September 14 13:55 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID17954 and RuleID17954KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
Banregio_documento.doc | 527,360 | 0xBDFFFCF5FA90BA7973EA76D21451FD0B
scan-copy aQ01257166#bkzqng.zip / changed status notice-#bkzqng-ivsbk.exe | 33,792 | 0xBFB753E19631C05067D8510924665C47
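The table above is the alert's only machine-usable content, so the following added example (not Cisco's code) shows how a mail-gateway or triage script would match incoming attachments against it. The indicator records are copied from the table with the `0x` prefix normalised away; the size/name fallback for re-packed variants and the regular expression for the `#bkzqng`-style token in the second lure's file names are assumptions of this example. The attachments used to exercise it are constructed, not real samples.

```python
"""Match email attachments against the indicators in this alert.

Added example, not Cisco's code. ALERT_IOCS is copied from the alert's table;
the heuristics below (name+size fallback, tokenised-filename pattern) are
assumptions of this example, and the sample attachments are constructed.
"""
import hashlib
import re
from dataclasses import dataclass

# Indicators from the alert table (MD5 normalised to lowercase hex without 0x).
ALERT_IOCS = [
    {"name": "Banregio_documento.doc", "size": 527360,
     "md5": "bdfffcf5fa90ba7973ea76d21451fd0b"},
    {"name": "changed status notice-#bkzqng-ivsbk.exe", "size": 33792,
     "md5": "bfb753e19631c05067d8510924665c47"},
]

# The second lure reuses a random-looking six-letter token ("bkzqng") in the
# archive name, the inner executable name and the invoice number. This pattern
# (an assumption of the example) flags file names with that shape.
TOKENISED_NAME = re.compile(r"#[a-z]{6}(-[a-z]{5})?\.(zip|exe)$", re.IGNORECASE)


def normalise_md5(value: str) -> str:
    """Lowercase and strip the 0x prefix used in the alert's table."""
    v = value.strip().lower()
    return v[2:] if v.startswith("0x") else v


@dataclass
class Attachment:
    name: str
    data: bytes

    @property
    def md5(self) -> str:
        return hashlib.md5(self.data).hexdigest()


def match_attachment(att: Attachment, iocs=ALERT_IOCS) -> list:
    """Return the reasons an attachment matches the alert; [] means no match."""
    reasons = []
    digest = att.md5
    for ioc in iocs:
        if digest == normalise_md5(ioc["md5"]):
            reasons.append(f"md5 match: {ioc['name']}")
        elif len(att.data) == ioc["size"] and att.name.lower() == ioc["name"].lower():
            # Same name and size but a different hash: likely a re-packed
            # variant of the listed file, so surface it for analyst review.
            reasons.append(f"name+size match (hash differs): {ioc['name']}")
    if TOKENISED_NAME.search(att.name):
        reasons.append("filename matches tokenised pattern from alert")
    return reasons


if __name__ == "__main__":
    # Constructed samples: a benign PDF and an archive named like the lure.
    for att in (Attachment("report.pdf", b"%PDF-1.4 constructed"),
                Attachment("scan-copy aQ01257166#bkzqng.zip", b"PK\x03\x04 constructed")):
        print(att.name, "->", match_attachment(att) or "clean")
```

A hash-only rule would miss trivially re-packed copies of the same lure, so the matcher also reports a name-and-size collision with a differing hash as a lower-confidence hit; treat that as a review signal rather than a block decision.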

The following text is a sample of the email message that is associated with this threat outbreak:

Subject: BanRegio Transfer to Your Account

Message Body:

We inform you that you have just received a Transfer to your Account,
which is being held due to anomalies in your financial standing.
For more details on this situation we attach a document in Microsoft Word format
explaining the reason for the hold and the steps to follow to resolve this problem.
Summary of BanRegio Transfer Received
Amount: $22,500.00 PESOS
Transaction Folio: 7151497033
Request date: 11-09-2015 08:13
Authorization date: 11-09-2015 08:13
Verifier
5001935192085322112601062651052381617391082400962430971960821600641600
6416006416006443916957823154021726173924609824009625610327911124009625
4101160064160064160064160064265099524207547221491197374158250100250101
2340942400962400962741025462195432162811132583617263742791122581021980
83160064
This is an automatically generated email from eBanRegio; please do not reply to it...
Customer Service Center
Monterrey: 8398.8675
Other cities: 01.800.BANREGIO (226.76396)
This email is confidential, legally protected and/or may contain privileged information.
If you are not its intended recipient or a person authorized by the recipient to receive their emails,
you must NOT use, copy, disclose or take any action based on this email or any
other information included in it (including all attachments).
If you have received it in error, please delete it permanently and destroy any printed copies.
Should this email be addressed to one of our clients, the opinion or recommendation it contains is
subject to the applicable Banregio regulatory conditions or to the commercial agreements signed with the client.

Subject: Retain this service invoice #1384bkzqng

Message Body:

Dear client,
Thank you for using our professional services.
Total amount was successfully remitted.
Attached you'll find an invoice #1384bkzqng for your records.

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial Release | | 2015-September-14 13:55 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products