Threat Outbreak Alert RuleID18357: Email Messages Distributing Malicious Software on September 30, 2015

2015-09-29T19:39:25
ID CISCO-THREAT-41280
Type ciscothreats
Reporter Cisco
Modified 2015-09-30T14:07:37

Description

Medium

Alert ID: 41280

First Published: 2015 September 29 19:39 GMT

Last Updated: 2015 September 30 14:07 GMT

Version: 2

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID18357 and RuleID18357KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
Bank_mentation saskatoon calculating_protection.zip / semijoin migration flows tableau.exe | 45,568 | 0xD342EAC9BC6987A7AA4F47BDAD894DFC
Bank_quill backgammon finally_protection.zip / unique identifier anticipator superposable.exe | 45,568 | 0xE94AD7147CEC4A69C56F9519941F92CB
Bank_vine weighed foolhardy_protection.zip / trading affranchise sours.exe | 45,568 | 0x6F4B496EA7008150732D056A55C8D7B6
Bank_avocados indivertible job lot_protection.zip / trample socialistic gourmet.exe | 45,568 | 0x161483B8C901EAFC2B4F1A3F73006E2D

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Blocked access notification letter

Message Body:

Good day!
We have detected suspicious activity with Your Online-Banking profile. Please be informed that
the access and some capabilities of Your profile were restricted for security reasons. Temporarily
You cannot conduct transactions with online-banking profile. In order to obtain full management
powers You have to fill in and send back the attached form.
Please use codename for authorization (contained in the attachment).
Online-Banking profile: 830820624580938466
Code Name: mentation saskatoon calculating
Our security department representative will contact You later to provide further instructions.
Regards,
NAB Support Team.

Or

> Subject: Confined access notification letter

Or

> Subject: Limited profile notice

Or

> Subject: Confined access alert
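The indicators above (the four lure subjects, the `Bank_..._protection.zip` attachment naming pattern, the 45,568-byte executable inside the zip, and the listed MD5s) can be turned into a mail-gateway or triage check. The following is an added example, not code from the Cisco alert; the message it builds is a constructed lure with a harmless dummy executable, and the `indicators` and `build_sample` function names are this example's own.

```python
import hashlib, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the alert: lure subjects, attachment naming pattern,
# payload size and the four listed MD5s (compared lowercase, without the 0x prefix).
SUBJECTS = {"blocked access notification letter", "confined access notification letter",
            "limited profile notice", "confined access alert"}
KNOWN_MD5 = {"d342eac9bc6987a7aa4f47bdad894dfc", "e94ad7147cec4a69c56f9519941f92cb",
             "6f4b496ea7008150732d056a55c8d7b6", "161483b8c901eafc2b4f1a3f73006e2d"}
ATTACH_RE = re.compile(r"^Bank_.+_protection\.zip$", re.IGNORECASE)
PAYLOAD_SIZE = 45568

def indicators(raw: bytes) -> list[str]:
    """Return the RuleID18357 indicators matched by one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if ATTACH_RE.match(part.get_filename() or ""):
            hits.append("attachment-name")
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            continue  # not a zip archive; the name check above still applies
        for info in zf.infolist():
            if not info.filename.lower().endswith(".exe"):
                continue
            hits.append("zip-contains-exe")
            if info.file_size == PAYLOAD_SIZE:
                hits.append("payload-size")
            if hashlib.md5(zf.read(info)).hexdigest() in KNOWN_MD5:
                hits.append("known-md5")
    return hits

def build_sample() -> bytes:
    """Constructed lure imitating the alert: a zip wrapping a dummy, harmless 'exe'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.exe", b"MZ" + b"\0" * (PAYLOAD_SIZE - 2))  # dummy bytes, not the real payload
    msg = EmailMessage()
    msg["Subject"] = "Blocked access notification letter"
    msg.set_content("Good day! We have detected suspicious activity with Your Online-Banking profile.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Bank_sample_protection.zip")
    return msg.as_bytes()
```

Subject and file-name matches are weak on their own (the campaign rotates them), so treat the size and hash matches as the high-confidence signals and the others as triage hints.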

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
2 | Cisco Security has detected significant activity on September 30, 2015. | | 2015-September-30 14:07 GMT
1 | Cisco Security has detected significant activity on September 29, 2015. | | 2015-September-29 19:39 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products