Threat Outbreak Alert RuleID28206: Email Messages Distributing Malicious Software on March 9, 2017

2017-03-09T17:24:38
ID CISCO-THREAT-52978
Type ciscothreats
Reporter Cisco
Modified 2017-03-09T17:24:38

Description

Medium

Alert ID: 52978

First Published: 2017 March 9 17:24 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID28206) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
ODER REF 2017-0307.zip / ODER REF 2017-0307.exe | 1,162,954 | 0xCD612387ECFC56C97DB97673BE81D65

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: gda gevangen [executable] ORDER REF 2017-0307

Message Body:

**Dear Sirs,
Please find attached our order with pictures and product quantity required.
Kindly quote your best prices and inform us your best delivery time.
For more information you can call or contact us via email for further correspondence,
Your urgent response will be apprciated.
Thanks.
Best regards.


This email and any files and data transmitted with it are confidential to the intended recipient(s) only and may not be disclosed to, used by, relied on or copied in any way by anyone other than the intended recipient(s). If you are not the intended recipient(s) of this email please notify the sender immediately by email and then delete the whole of this email, including any files and data transmitted with it. HANUR INTERNATIONAL LIMITED, its subsidiaries, affiliates, employees and directors do not accept any responsibility for viruses or any loss or damage arising from the use of this email or any files and data transmitted with it.


---
The absence of virus in the email was checked by Avast antivirus software.
hxxps: //www.avast.com/antivirus**

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Revision History

  • Version | Description | Section | Date
    ---|---|---|---
    1 | Initial release to report significant activity detected by Cisco Security on March 9, 2017. | — | 2017-March-09

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products