Threat Outbreak Alert RuleID21585: Email Messages Distributing Malicious Software on March 10, 2016

2016-03-10T15:03:17
ID CISCO-THREAT-44005
Type ciscothreats
Reporter Cisco
Modified 2016-03-11T14:29:40

Description

Medium

Alert ID: 44005

First Published: 2016 March 10 15:03 GMT

Last Updated: 2016 March 11 14:29 GMT

Version: 2

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID21585 and RuleID21585KVR) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
AusPost_Shipping Label_ID-01jnbpmaqk.zip / AustraliaPost_Tracking_Case_id00-869449173#.js | Not Available | 0x8A00404F7B1A809BEAB98FC99D75005C
Australia Post_Parcel Case_ID-012cd3k98x.zip / AusPost_Tracking_Label_id00-738312362 | Not Available | 0x3BD1C1C62D0431CC287DE2644EE7FB89

The following text is a sample of the email message that is associated with this threat outbreak:

> Message Body:

Delivery Exception
Address Update Required
Your parcel has experienced an exception and has been returned to the AusPost office.
Shipment Details
TRACKING # AU197403744
ADDRESSED TO
ADDRESS
WEIGHT: 2.76 kg(s).
AUSPOST SERVICE Parcel Post
COMMENT Attn: Australasian Water Skills Network Manager
Tracking Information
Your package has experienced an exception. This could be due to several reasons including:wrong address or no authorized person was present to receive it.
Action Required
To receive your mailing, print out the enclosed invoice and pick-up the parcel at The AusPost Store. Note: You might be required to show a valid Identity Document.
Find the Shipping Label enclosed
Take control of your parcel deliveries
Email Number: 0041891751

Or

> Message Body:

Action Required
Address Update Required
Your parcel has experienced a delivery exception and has been delivered to the Australia Post store.
Shipment Details
TRACK

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security
Cisco SenderBase Security Network

Revision History

  • Version | Description | Section | Date
    ---|---|---|---
    2 | Cisco Security has detected significant activity on March 10, 2016. | | 2016-March-11 14:29 GMT
    1 | Cisco Security has detected significant activity on March 10, 2016. | | 2016-March-10 15:03 GMT

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products