
Threat Outbreak Alert RuleID20899: Email Messages Distributing Malicious Software on March 10, 2016

Cisco
tools.cisco.com

Medium

Alert ID: 43573

First Published: 2016 February 15 13:48 GMT

Last Updated: 2016 March 14 12:27 GMT

Version: 4

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID20899) and (RuleID20899KVR) may contain the following files:

| Name | Size in Bytes | MD5 Checksum |
| --- | --- | --- |
| invoice_scan_gPzFzp.zip / invoice_scan_gPzFzp.js | Not Available | 0xAFA98315410478E4FFC505422DB356B2 |
| invoice_scan_fQaneK.zip / invoice_scan_fQaneK.js | Not Available | 0x127D09EF46A3E8C56E02812C630AB3AB |
| invoice_copy_85829620.zip / invoice_copy_kmtUGq.js | 4,881 | 0xD5D7B8DBAFF8F5ECB0A09CBAAB917A0F |
| invoice_copy_MOSiaK.zip / invoice_copy_MOSiaK.js | Not Available | 0xC37120E3816B8C04470C53BA0744CBD6 |
| invoice_SCAN_tyBpnM.zip / invoice_SCAN_tyBpnM.js | Not Available | 0x23C50A0C053B2B458D362FC945B8068B |
| Invoice_ref-29460842.zip / invoice_SCAN_KIUPfo.js | Not Available | 0xFEA58A5965E246D57BF7BAD15F7BAD17 |

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: **Transfer Information 77630325**
Message Body:

Valued Client,
Please find attached to this email your statement
Our company has recently shipped out your package.
You can find the payment details for your order in this email.
Make sure to take a look at it ASAP.
feel free to to contact in case of any question about the shipment.

Or

> Subject: **Details of transfer #41870**
Message Body:

Valued Customer,
Please find attached to this email your statement
Our office has just sent your package.
You can find the payment details for your purchase in the attachment.
Make sure to take a look at it as soon as possible.
feel free to to send a massage in case of any question about the case.
Accounts Department

Or

> Subject: Invoice 85829620

Message Body:

Dear brian.givens, Please review the attached copy of your Invoice (number: IN85829620) for an amount of $968.67. Thank you for your business

Or

> Subject: Reference Number #30254418

Message Body:

Hello, dear client!
We have recently shipped out your package at you local post office.
You can find the listing of your shipment attached. Please view.
Good bye.

Or

> Subject: [ID:343491]

May I ask a question on behalf of our management team.
We hope that this offer will help you forget the difficulties.
Please, be so kind to check the invoice attached.

Or

> Subject: **Invoice # 29460842 /16**
Message Body:

Dear Customer,
The reason you are receiving this informational
mail is that you have indebted sum of money
totaling $174,23 due to late payment of
invoices starting October 2015 .
The financial reconciliation of the past
12 months (year 2015) is enclosed below.
Please review these files and contact us
immediately to learn what next steps you
should take to avoid the accrual of fines.
Sincerely,

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

| Version | Description | Section | Date |
| --- | --- | --- | --- |
| 4 | Cisco Security has detected significant activity on March 10, 2016. | | 2016-March-14 12:27 GMT |
| 3 | Cisco Security has detected significant activity on March 09, 2016. | | 2016-March-10 13:11 GMT |
| 2 | Cisco Security has detected significant activity on February 25, 2016. | | 2016-February-25 21:02 GMT |
| 1 | Cisco Security has detected significant activity on February 13, 2016. | | 2016-February-15 13:48 GMT |
| 1 | Initial Release | | 2016-February-15 13:48 GMT |

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products