Threat Outbreak Alert RuleID19199: Email Messages Distributing Malicious Software on November 5, 2015

Published: 2015-11-05 14:40:50
Source: Cisco (tools.cisco.com)
Severity: Medium

Alert ID: 41950
First Published: 2015 November 5 14:40 GMT
Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID19199) may contain the following files:

Name                        Size in Bytes   MD5 Checksum
6305093.zip / 6305093.scr   31,744          0x6A4CCE90BA28720FA9E6813F681B1F75

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Undeliverable: Email from Transport for London
>
> Message Body:
>
> Your message couldn’t be delivered to multiple recipients. A custom mail flow rule created by an admin at preferredpump.com has blocked your message. The message content is not accepted at this domin. Blocked by mail flow rule
>
> Couldn’t deliver to the following recipients:
>
> How to Fix It
> An email admin at preferredpump.com has created a custom mail flow rule that blocks messages that meet certain conditions, and it appears that your message has met one or more of those conditions. Check the text above for a custom message from the email admin that may help explain why your message was blocked and how you might be able to fix it. For example, removing prohibited words from the message or sending the message from a different email account may be sufficient to deliver your message. If you’ve tried and you’re still not able to fix the problem, consider contacting the email admin at preferredpump.com to discuss what to do. While they’re unlikely to remove or relax the rule, if you have a legitimate need to deliver your message they may offer guidance for how to do so.
>
> More Info for Email Admins
> Status code: 550 5.7.1_ETR
> This error occurs because an email admin at preferredpump…com has created a custom mail flow rule that has blocked the sender’s message. In some cases, the sender can change the message so it no longer violates the rule. However, depending on the rule’s conditions, it’s possible that the only way to deliver the message is to change the rule itself, and only an email admin at preferredpump.com can do that. Although it’s possible the rule is unintentionally flawed or it’s stricter than the admin intended, it may be working exactly as they want it to.
>
> Original Message Details
> Created Date: 11/4/2015 12:37:13 PM
> Subject: Email from Transport for London
>
> Error Details
> Reported error: the message was rejected by organization policy
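The attachment in this alert is a `.zip` wrapping a `.scr` screensaver executable, delivered under a fake non-delivery report. The following script is an added example, not Cisco's code or part of the alert: it parses a message, checks each attachment against the MD5 from the table above, flags executable attachments and executables nested inside zip archives, and caps how much archive content it will hash so a malformed archive cannot exhaust memory. The sample message it builds is constructed for the demonstration (placeholder bytes, `example.invalid` addresses), so only the name-based rules fire on it; a captured sample with the listed checksum would additionally produce an MD5 match.

```python
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

# IoC from the alert (RuleID19199); the page lists it with a 0x prefix,
# normalised here to lowercase hex for comparison with hashlib output.
KNOWN_BAD_MD5 = {"6a4cce90ba28720fa9e6813f681b1f75": "6305093.zip / 6305093.scr"}

# Extensions that indicate an executable payload in a mail attachment.
EXEC_SUFFIXES = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

# Do not decompress and hash archive members larger than this (guards against
# decompression bombs in the very mail we are trying to classify).
MAX_MEMBER_BYTES = 10 * 1024 * 1024


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def inspect_attachment(filename: str, payload: bytes) -> list:
    """Return a list of human-readable findings for one attachment (empty if clean)."""
    findings = []
    name = filename.lower()
    digest = md5_hex(payload)
    if digest in KNOWN_BAD_MD5:
        findings.append(f"md5 match: {KNOWN_BAD_MD5[digest]}")
    if name.endswith(EXEC_SUFFIXES):
        findings.append(f"executable attachment: {filename}")
    if name.endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    if info.filename.lower().endswith(EXEC_SUFFIXES):
                        findings.append(f"executable inside archive: {info.filename}")
                    if info.file_size > MAX_MEMBER_BYTES:
                        findings.append(f"oversized archive member skipped: {info.filename}")
                        continue
                    inner_digest = md5_hex(zf.read(info))
                    if inner_digest in KNOWN_BAD_MD5:
                        findings.append(f"md5 match inside archive: {KNOWN_BAD_MD5[inner_digest]}")
        except zipfile.BadZipFile:
            findings.append(f"zip attachment is corrupt or not a zip: {filename}")
    return findings


def scan_message(raw: bytes) -> dict:
    """Map attachment filename -> findings for every attachment that triggered a rule."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        findings = inspect_attachment(name, payload)
        if findings:
            report[name] = findings
    return report


def build_sample() -> bytes:
    """Constructed message mimicking the lure layout; the payload is placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Undeliverable: Email from Transport for London"
    msg["From"] = "postmaster@example.invalid"  # constructed sender
    msg["To"] = "user@example.invalid"          # constructed recipient
    msg.set_content("Your message couldn't be delivered to multiple recipients.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Same file name as in the alert, but harmless placeholder content.
        zf.writestr("6305093.scr", b"MZ" + b"\x00" * 64)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="6305093.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, hits in scan_message(build_sample()).items():
        print(attachment)
        for hit in hits:
            print("  -", hit)
```

Feed `scan_message` the raw bytes of a quarantined `.eml` to triage real mail; extend `KNOWN_BAD_MD5` from the IoC table of each new alert rather than hard-coding a single hash.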

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version   Description       Section   Date
1         Initial Release             2015-November-05 14:40 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products