Threat Outbreak Alert RuleID21003: Email Messages Distributing Malicious Software on February 10, 2016

2016-02-10T13:44:00
ID CISCO-THREAT-43474
Type ciscothreats
Reporter Cisco
Modified 2016-02-10T19:07:08

Description

Medium

Alert ID:

43474

First Published:

2016 February 10 13:44 GMT

Last Updated:

2016 February 10 19:07 GMT

Version:

2

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID21003 and RuleID21003KVR) may contain the following files. Each attachment is a ZIP archive whose member is a Windows shortcut (.lnk) file rather than a document; Windows Explorer never displays the .lnk extension, so the double-extension member invoice.doc.lnk is shown to the recipient as invoice.doc.

Name | Size in Bytes | MD5 Checksum
---|---|---
Invoice-4037.zip / invoice.doc.lnk | Not Available | 0x40FC62F5F79DB3240F22A56474B97080
Wire Confirmation (411-65270).zip / invoice_3136640.lnk | Not Available | 0x70983C0BA9E08B7FC10DBA0F5332FEA2
Wire Confirmation (819-89316).zip / invoice_2444328.lnk | Not Available | 0xDFA8F392A5157D111EF765A569F5A5AC

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Overdue Invoice Final Notice

Message Body:

Customer ID: 5766

Dear Valued Client,
This is the third and final notice that your
billing statement no. 07281 which was
generated on 28th Jan 2016 is now past due.
Note: The Services mentioned in the invoice
WILL BE disable in next 72 hours!
Balance Due: $1013.00 USD
Due Date: 10th FEB 2016
You have a ultimate chance to settle the invoice.
Thank you for your business.

Or

> Subject: E-Copy Remittance Confirmation

Message Body:

For the attention of the accounts department.
Please find enclosed a copy of the payment sent to you on the 6th FEB 2016.
Please confirm the receipt of the confirmation.
Best Regards


Or

> Subject: E-Copy Payment Confirmation

Message Body:

For the attention of the accounts department.
Kindly find attached a copy of the payment sent to you on the 4th FEB 2016.
Please confirm the receipt of the confirmation.
Regards
Perry Graziano
Burris Logistics
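The indicators above (three lure subjects, ZIP attachments carrying an invoice*.lnk shortcut, three MD5 checksums) are enough to build a mail-gateway triage check. The following is an added example written for this page, not code from Cisco or from the alert: it parses a raw RFC 5322 message with Python's standard library, matches the subject against the quoted lures, opens any .zip attachment in memory, flags archive members that are Windows shortcuts (catching the double-extension form invoice.doc.lnk) and compares member hashes against the listed checksums. The sample message produced by build_sample_message() is constructed for the demo and is not a real capture; the verdict policy (block on an attachment hit, review on a subject-only hit) is this example's own choice.

```python
"""Triage an inbound message against the indicators in this alert.

Added example, not part of the Cisco alert. The subject lines, archive
names and MD5 checksums below come from the alert text; the raw message
built by build_sample_message() is constructed for the demo.
"""
import email
import hashlib
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# MD5 checksums quoted in the alert (0x prefix dropped, lower-cased).
ALERT_MD5 = {
    "40fc62f5f79db3240f22a56474b97080",
    "70983c0ba9e08b7fc10dba0f5332fea2",
    "dfa8f392a5157d111ef765a569f5a5ac",
}

# Subject lines quoted in the alert, normalised for comparison.
ALERT_SUBJECTS = {
    "overdue invoice final notice",
    "e-copy remittance confirmation",
    "e-copy payment confirmation",
}

# Archive members named like the alert's lures: invoice*.lnk, which also
# matches the double-extension form invoice.doc.lnk.
LURE_NAME = re.compile(r"(^|/)invoice[^/]*\.lnk$", re.IGNORECASE)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def inspect_zip(data: bytes, known_md5=ALERT_MD5):
    """Return one finding per archive member; 'reasons' is empty when clean."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"member": None, "md5": md5_hex(data),
                 "reasons": ["declared .zip but not a valid zip archive"]}]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            content = archive.read(info)
            digest = md5_hex(content)
            reasons = []
            # A shortcut is never a legitimate invoice: flag any .lnk member,
            # whatever the text before the final extension claims.
            if info.filename.lower().endswith(".lnk"):
                reasons.append("Windows shortcut (.lnk) inside archive")
            if LURE_NAME.search(info.filename):
                reasons.append("member name matches alert lure pattern")
            if digest in known_md5:
                reasons.append("MD5 in indicator list")
            findings.append({"member": info.filename, "md5": digest,
                             "reasons": reasons})
    return findings


def triage_message(raw: bytes, known_md5=ALERT_MD5):
    """Parse a raw message and score it against the alert's indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["subject"] or "").strip().lower()
    result = {"subject_match": subject in ALERT_SUBJECTS, "attachments": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        findings = []
        if name.lower().endswith(".zip") or part.get_content_type() == "application/zip":
            findings = inspect_zip(payload, known_md5)
        result["attachments"].append({"name": name, "findings": findings})
    hit = any(f["reasons"] for a in result["attachments"] for f in a["findings"])
    # Example policy: attachment hit -> block; lure subject alone -> analyst review.
    result["verdict"] = "block" if hit else ("review" if result["subject_match"] else "clean")
    return result


def build_sample_message(subject, zip_name, member_name, member_bytes) -> bytes:
    """Construct a demo message with a zip attachment (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, member_bytes)
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "accounts@example.invalid"   # constructed sender
    msg["To"] = "ap@example.invalid"           # constructed recipient
    msg.set_content("For the attention of the accounts department.\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=zip_name)
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample_message("E-Copy Payment Confirmation",
                               "Wire Confirmation (819-89316).zip",
                               "invoice_2444328.lnk", b"L\x00\x00\x00 constructed")
    print(triage_message(raw))
```

The hash check is the weakest of the three tests: a recompressed or recut archive changes the member MD5, which is why the name and extension checks run first. Feed the function a real corpus only after confirming your gateway already decodes the attachment before delivery, since the example reads the payload exactly as the mail parser hands it over.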

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

Version | Description | Section | Date
---|---|---|---
2 | Cisco Security has detected significant activity on February 10, 2016. | | 2016-February-10 19:07 GMT
1 | Cisco Security has detected significant activity on February 10, 2016. | | 2016-February-10 13:44 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products