Threat Outbreak Alert RuleID19501: Email Messages Distributing Malicious Software on November 19, 2015

2015-11-18T19:36:02
ID CISCO-THREAT-42149
Type ciscothreats
Reporter Cisco
Modified 2015-11-20T13:30:39

Description

Medium

Alert ID: 42149
First Published: 2015 November 18 19:36 GMT
Last Updated: 2015 November 20 13:30 GMT
Version: 3

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages related to this threat (RuleID19501 and RuleID19501KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
sectoral planning federal combines.zip / scotches strewing.exe | 30,720 | 0xE563CDE063FCEF24B607C29F990B6AED
statistical analysis pigeon-hole.zip / color plane stye.exe | 30,720 | 0xCA42CB6B5B921672F66A6DC6210EA5EC
Swift Payment Copy.zip / Swift Payment Copy.exe | 434,176 | 0x6E3CD2862C6290F99B39F68F75C42F20
New Order.zip / ggggggg.exe | 633,344 | 0xF58B3A6E1DCE907BCEA5E06AC1E3861B
shipping documents.zip / shipping documents.exe | 831,488 | 0xF89AB26619414DD20755EE4C33F990B3
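As an added example, not part of the Cisco alert, the following Python check is the kind of triage an email gateway or incident-response script could run on a .zip attachment: it hashes the archive and each member against the MD5 values in the table above and flags any archive carrying an executable, which is the pattern of every attachment listed. The sample archive it builds is constructed for the demonstration, so its hash is not expected to match the alert's indicators.

```python
import hashlib
import io
import zipfile

# Indicators copied from the alert's file table: MD5 -> (archive name, executable inside it, size in bytes).
ALERT_IOCS = {
    "e563cde063fcef24b607c29f990b6aed": ("sectoral planning federal combines.zip", "scotches strewing.exe", 30720),
    "ca42cb6b5b921672f66a6dc6210ea5ec": ("statistical analysis pigeon-hole.zip", "color plane stye.exe", 30720),
    "6e3cd2862c6290f99b39f68f75c42f20": ("Swift Payment Copy.zip", "Swift Payment Copy.exe", 434176),
    "f58b3a6e1dce907bcea5e06ac1e3861b": ("New Order.zip", "ggggggg.exe", 633344),
    "f89ab26619414dd20755ee4c33f990b3": ("shipping documents.zip", "shipping documents.exe", 831488),
}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def inspect_zip_attachment(data: bytes) -> dict:
    """Hash the archive and every member, look both up in ALERT_IOCS, and flag members that
    carry a PE image (MZ header) or an .exe name, which is the lure pattern in this alert."""
    archive_md5 = md5_hex(data)
    result = {"archive_md5": archive_md5, "known_malicious": archive_md5 in ALERT_IOCS, "members": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            payload = zf.read(info)
            digest = md5_hex(payload)
            result["members"].append({
                "name": info.filename,
                "size": info.file_size,
                "md5": digest,
                "known_malicious": digest in ALERT_IOCS,
                # Check content, not just the name: a renamed PE still starts with "MZ".
                "executable": payload[:2] == b"MZ" or info.filename.lower().endswith(".exe"),
            })
    result["known_malicious"] = result["known_malicious"] or any(m["known_malicious"] for m in result["members"])
    result["suspicious"] = result["known_malicious"] or any(m["executable"] for m in result["members"])
    return result


def build_sample_zip(member_name: str, payload: bytes) -> bytes:
    """Constructed test fixture: a tiny in-memory archive standing in for an email attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a 30,720-byte dummy PE named like the first attachment in the table.
    sample = build_sample_zip("scotches strewing.exe", b"MZ" + b"\x00" * 30718)
    print(inspect_zip_attachment(sample))
```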

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Your new bill 3177046476964

Message Body:

Your account number: 3177046476964
This bill number: 2205283507
Hi ,
Your new Telstra bill is attached. Please pay your bill by its due date of 30 Nov 2015.
Like to know more?
If you have any questions or concerns about this email you can get in touch with us at telstra.com/contact.
See you online soon,
Gerd Schenkel
Executive Director, Telstra Digital Sales and Service
Total
912.29
Due Date
30 Nov 2015
The convenience of My Account
Have you tried My Account recently? It's your online Telstra account manager.
My Account lets you view and pay your bill, manage your services, recharge your Pre-Paid mobile,
check estimated mobile data usage and a whole lot more.
If you haven't registered already it only takes a few minutes.
Visit telstra.com/registerme and have your account number ready.
We're aiming to improve how we interact with you online.
If you have any suggestions,
we'd love to hear them - just let us know on our CrowdSupport forum (login required) at telstra.com.au/ideas.

Or

> Subject: invoice

Or

Message Body:

Dear Recipient,
This is to inform you that the sum of $20,000.00 has been remitted by SULAIMAN SAEED
and credited to your Account# on November 17 2015 at 15:42:11.
Your Transaction Reference# is 294608.
Find attached the full transaction details and soft copy of the Bank charges as required by C.A
If you need any further assistance, please contact our Allied Phone Banking

Or

> Subject: New Order

Message Body:

Good day,
Thank you for quotation and we are very much satisfied.
Please see the purchase order attached for the items requested and give
us your confirmation on date of shipping.
Your payment is also under process with our bank. My colleague has
forwarded the PO on 17-03-15 but there is no confirmation.
See to this request and do the needful.
Awaiting immediate response
With Best Regards

Or

> Subject: Shipping documents

Message Body:

Dear Sir,
Check the shipping documents and confirm if is ok.
Regards,
Shipping Dept

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
3 | Cisco Security has detected significant activity on November 19, 2015. | | 2015-November-20 13:30 GMT
2 | Cisco Security has detected significant activity on November 18, 2015. | | 2015-November-19 14:50 GMT
1 | Cisco Security has detected significant activity on November 18, 2015. | | 2015-November-18 19:36 GMT
1 | Initial Release | | 2015-November-18 19:36 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products