Threat Outbreak Alert RuleID25329: Email Messages Distributing Malicious Software on October 6, 2016

2016-10-06T13:41:33
ID CISCO-THREAT-49211
Type ciscothreats
Reporter Cisco
Modified 2016-10-06T13:41:33

Description

Medium

Alert ID: 49211

First Published: 2016 October 6 13:41 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID25329) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
RFx 2100002807 Instruments and spares in SRM.rar / RFx 2100002807 Instruments and spares in SRM.cmd | 679,936 | 0x43F6B9447CB0B2F812999B717193C964

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: URGENT REQUEST FOR QUOTATION (RFQ) RFx project requirements 2100002807 Instruments and spares in SRM

Message Body:

Dear Vendor,
The Company LUKOIL MID- EAST Ltd reprenseted by Engr. Dennise Soriano. is considering the possibility of contract award on supply of Civil and piping materials by means of sending of the request for quotations 2100002814 (see attached file).
In case of interest of your company in such supply, your commercial offer must be submitted before 26.09.2016 14:00:00 UTC+4
(Dubai local time) by means of filling in form in SRM (Supplier Relationship Management) system at
hxxps: //www.sendspace.com/file/4wtu14 and attachment of copy of submitted offer on your company’s letterhead signed by an
authorized person to SRM system.
Your commercial offer shall be valid till 24.12.2016. Commercial Offers submitted after the deadline will not be accepted by SRM
system and reviewed.
1. Quotation submission deadline: 26.09.2016 14:00:00 UTC+4 (Dubai local time)
2. Start of Quotations evaluation: 26.09.2016 14:00:00 UTC+4 (Dubai local time)
3. Contact details of person responsible for Request for Quotation 2100002814: phone , e-mail Aleksei.Elkrin@lukoil-international.com
Requirements for the quotations:
1) Your quotation shall be submitted on your company’s letterhead and must be signed by an authorized person;
2) Your quotation shall contain payment terms;
3) Quotation shall be prepared in the format attached to this e-mail.
4) Your quotation shall be valid for a period of 60 days from the date of quotation submission deadline set by LUKOIL.
5) Quotations submitted after the deadline will not be reviewed.
Note: Quotation should be done as per our standard format.
Please find purchasing documentation in the G-SRM system on the tab 'Notes and Attachments'.
Please note that you should have valid login and password to enter our website.
If you cannot enter our website please send your request to: wq.vendor@lukoil-overseas.com
We would be delighted to receive any response from you.
Please confirm the letter receipt to:
Best Regards,
WQ2 LUKOIL
Save tree. Don’t print this E-mail unless it’s really necessary
DISCLAIMER: The information contained in this e-mail (including any attachments) is for the sole use of the intended recipient(s). It may contain certain privileged and confidential information or information which is otherwise protected from disclosure.
Any form of unauthorized review, use, print, storage, modification, disclosure, copying, transmission, dissemination, publication of, either whole or partial, or any action taken in reliance upon this information, by any other person than the intended recipient is strictly prohibited and may be unlawful. If this e-mail is received in error, please notify the sender immediately by return email, delete it (including any attachments) from your system and destroy any copies of it.
This e-mail does not represent an invitation to enter into any business or transaction. Its content does not constitute a formal commitment by the Company and is not legally binding on the Company, notably as it may have been altered without the Company's knowledge. Any views, opinions or advices contained in this message may not be those of the Company but only those of the sender or of any other unauthorized person.
While reasonable precautions have been taken to ensure that this e-mail and any attachments are free from any computer virus or similar defect, no liability will be accepted for any loss or damage arising in that respect. Anyone accessing this e-mail must take their own precautions as to security and virus protection.
Notwithstanding anything to the contrary herein or in our previous correspondence on the subject matter hereof, no offer shall be deemed accepted by LUKOIL Mid-East Limited (the "Company"), and no contract shall be deemed to have been entered into by the Company, unless and until a formal bilateral written instrument shall be duly signed by the Company's representative duly authorized for this purpose.

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Revision History

  • Version | Description | Section | Date
    ---|---|---|---
    1 | Initial release to report significant activity detected by Cisco Security on October 6, 2016. | — | 2016-October-06

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products