Threat Outbreak Alert RuleID19081: Email Messages Distributing Malicious Software on October 30, 2015

2015-10-30T14:38:55
ID CISCO-THREAT-41816
Type ciscothreats
Reporter Cisco
Modified 2015-11-02T13:20:23

Description

Medium

Alert ID: 41816

First Published: 2015 October 30 14:38 GMT

Last Updated: 2015 November 2 13:20 GMT

Version: 2

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID19081) and (RuleID19081KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
IT3413204574362.zip / IT3413204574362.scr | 260,096 | 0xACD44425633F4F839EEE77C1CEDF815E
IT3413420457432.zip / IT3413420457432.scr | 262,656 | 0x4E0D1EDE3A4206A5C16645FE7814B14F

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Agente Fedex Jermaine Wheeler

Message Body:

7vostro browser internet, acconsentite al nostro uso di cookie. Per saperne di pi? e imparare a gestire o disabilitare i cookie,
leggete la nostra Politica sui cookie. Harding, Maite, Linus, Heather
Gentile cliente, Numero Tracciamento Postale Numero Collo
abbiamo provato a recapitare il suo articolo giorno 29/10/2015, alle ore 10:20 all'indirizzo
da lei indicato, ma il destinatario non era presente. Puo concordare una nuova consegna, visitando il link
sottostante, o presentato l'allegato di questa mail, all'ufficio postaly piu vicino a casa sua. Turkey
Lyle Mcclain customers
Numero Spedizione: IT3413204574322 Sri Lanka
Data di Consegna: 29/10/2015 Finland
Oggetto: Collo Internazionale Finland
Servizio(i): Ricevuta di Ritorno Syrian Arab Republic
Stato: IN GIANCENZA Peru FedEx Global Trade Manager
When you are ready to serve, place the food on the plate in a way that looks smart to you - its fun and is great to impress.hzsiuuvbf Numero Spedizione
Buona Giornata Saint Pierre and Miquelon
Marketing Department Macao
gjhuyjajxaui Numero Tracciamento Postale
analitica web e marketing mirato. Continuando la navigazione sul sito senza modificare le impostazioni sui cookie Numero Collo
Informazione: Questo ? un messaggio automatico. Si prega di non rispondere. Peru

Or

> Subject: Fede? Vaughan Holt

Message Body:

7per migliorare la funzionalit? e la vostra esperienza di navigazione, per India, Gemma, Kristen, Miriam
G?ntil? ?li?nt?, Numero Spedizione Numero Collo
abbiam? ?r?v?to a r??apitar? il suo arti??l? gi?rn? 29/10/2015, all? ?r? 11:10 all'indirizzo
da l?i indi?ato, m? il destinatario non ?r? ?r?s?nt?. ?uo ?on?ord?r? un? nuov? ?ons?gn?, visit?ndo il link
sottostant?, o pr?s?nt?to l'?ll?g?to di qu?st? m?il, all'uffi?i? ?ost?l? piu vi?in? ? ??sa sua. Guyana
Rafael Stevens customers
Numero Spedizione: IT3413204574322 Viet Nam
Data di ?ons?gn?: 29/10/2015 Turks and Caicos Islands
Ogg?tto: Spedizione Internazionale Turkey
S?rvizio(i): Ri?evuta di Ritorno Switzerland
Stato: RICHIESTA CONTATTO Azerbaijan Preparate la vostra spedizione
A cooked steak should rest at room temperature for at least five minutes?
it will stay warm for anything up to 10 minutes.
Here, pure science comes into play ?
the fibres of the meat will reabsorb the free-running juices
resulting in a moist and tender finish to your steak.
pbftteyclfcihlcpaqwq Numero Spedizione
Cordiali Saluti Ghana
Uffici? Spedizioni Sri Lanka
d Numero Spedizione
Il sito internet FedEx utilizza cookie, compresi cookie di terzi, Numero Collo
Gr?zie per averci scelto. Cuba Norfolk Island
zgeziycrzidlbudqfwuipxqhivqcqb Numero Tracciamento Postale Papua New Guinea
MicronesiaNumero Spedizione
Preparate tutti i documenti necessari per la vostra spedizione, quali Lettera di Vettura, fattura commerciale ed altri.
eNews FedEx FedEx Global Trade Manager FedEx Global Trade Manager
gpfbdyzrpvldyjtxftjvgbvarouw
orwgjldmjtwqpwr FedEx Global Trade Manager
I mean, anyone at a low skill level, can half-cook a steak and serve it bloody and tepid
(and sometimes leather-tough lump of meat) to his ignorant and un-cultured but media/ PC ga-ga'd consumer.
But woe betide him, if he should come across the confident and knowledgeable epiqureian,
who demands a well-cooked but tender steak. Finland

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.


Revision History

  • Version | Description | Section | Date
    ---|---|---|---
    2 | Cisco Security has detected significant activity on October 30, 2015. | | 2015-November-02 13:20 GMT
    1 | Cisco Security has detected significant activity on October 30, 2015. | | 2015-October-30 14:38 GMT
    1 | Initial Release | | 2015-October-30 14:38 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products