Threat Outbreak Alert RuleID20042: Email Messages Distributing Malicious Software on December 11, 2015

2015-12-11T14:44:27
ID CISCO-THREAT-42634
Type ciscothreats
Reporter Cisco
Modified 2015-12-11T14:44:27

Description

Medium

Alert ID: 42634

First Published: 2015 December 11 14:44 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID20042) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
091215-95026.docx.z / 091215-95026.docx.exe | 629,760 | 0x70A71CD0C6ED6AE61C03FBD4E0701B7E

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: PURCHASE ORDER: 91067 RIGFFS
>
> Message Body:
>
> Hi.
> We can no longer wait for our sale respresentative because he travelled for a business trip. Attachment is the required document, please confirm and get back to us.
> Sincerely,
> Richard Mat
> Procurement Specialist – Order Management
> Procurement / Supply Chain Management Shared Services
> Chevron Holdings Inc.
> 33F/WS148 Yuchengco Tower, RCBC Plaza
> 6819 Ayala Ave., Makati City 1200 PH
> Tel +63 2 798 4756
> mailto: abuexpeditingproc@chevron.com
> Due to the volume of emails/requests, there might be slight delays on my responses. Rest assured each will be looked into and actioned as soon as possible. I am also encouraging you to follow up after 24 hours of non-response.
> Helmholtz-Zentrum Geesthacht
> Zentrum für Material- und Küstenforschung GmbH
> Max-Planck-Straße 1 I 21502 Geesthacht I Deutschland/Germany
> Geschäftsführer/Board of Management: Prof. Dr. Wolfgang Kaysser, Dipl.-Ing. Michael Ganß
> Vorsitzender des Aufsichtsrates/Chairman of the Supervisory Board: Ministerialdirigent Dr. Herbert Zeisel
> Amtsgericht Lübeck HRB 285 GE (Register Court)
> Internet: hxxp://www.hzg.de

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.


Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial Release | | 2015-December-11 14:44 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products