Threat Outbreak Alert RuleID18932: Email Messages Distributing Malicious Software on October 25, 2015

2015-10-26T13:44:46
ID CISCO-THREAT-41700
Type ciscothreats
Reporter Cisco
Modified 2015-10-26T13:44:46

Description

Medium

Alert ID: 41700

First Published: 2015 October 26 13:44 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID18932) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
dhl221015_41404197481.zip / dhl221015_41404197481.exe | 39,424 | 0x5C72B7F159F631649130D9C58FB87660

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: DHL Express - Credit Card Billing Adjustment. Ref# 6196883
>
> Message Body:
>
> DHL Express Customer:
> The attached file details adjustments that have been made to shipping charges originally billed to your credit card.
> These adjustments are for charges or credits that have occurred after the initial processing of your shipment(s).
> These adjustments have been applied to your credit card and will appear on your next credit card statement.
> All shipments are subject to the terms and conditions contained in the DHL Express Tariff and the DHL Express
> Terms and Conditions of Service, which can be found at www.dhl.com
> If you have questions regarding these adjustments please contact the DHL Express Customer Service.
> We can be reached at 1-800-DHL-ASAP (1-800-345-2727), or you may reply to this e-mail directly.
> Please allow one business day for e-mail inquiries.
> Please note: the attached file is in PDF format. If you are unable to open the attached file, please download the free
> Adobe Acrobat Reader by entering the following address in your web browser: hxxp://www.adobe.com/products/acrobat/readstep.html

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial Release | | 2015-October-26 13:44 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products