Threat Outbreak Alert RuleID29295: Email Messages Distributing Malicious Software on May 25, 2017

2017-05-25T13:47:03
ID CISCO-THREAT-53969
Type ciscothreats
Reporter Cisco
Modified 2017-05-25T13:47:03

Description

Medium

Alert ID: 53969

First Published: 2017 May 25 13:47 GMT

Version: 1

Summary

  • Cisco Security has detected significant activity related to spam email messages distributing malicious software.

Email messages that are related to this threat (RuleID29295) may contain the following files:

Name | Size in Bytes | MD5 Checksum
---|---|---
inquiry from Omcan Traidng.arj / inquiry from Omcan Traidng.exe | 185,856 | 0x0DD85C094CA19DDE5CC2FDA379ADE475

The following text is a sample of the email message that is associated with this threat outbreak:

> Subject: Request for quotation from Omcan Ltd. (Shipment for Mid-june to Canada)

Message Body:

> Dear Manager
> Good day to you. This is Sally Owens Zhu from Omcan Group
> We contacted you last week but the list we sent was not complete, so we resend the full details again.
> We would like to request a quotation on the attached listed items.
> Kindly find table below from our Clients (RFQ) for your kind attention.The above subject inquiry is in compliance with the, Omcan Traidng (Canada) S.A., Purchasing requirements as stipulated in the below documents to submit by the due date and not later than June 2 2017.
> Your quotation shall be based on the following terms and conditions:
> 1. The total gross weight & individual weight of the item (lbs/kg)?
> 2. Price Validity (Standard: 90 days as requested by Client)?
> 3. Lead Time (Week/s)?
> 4. Payment Terms
> 5. Please provide drawing.
> 6. Dimensions (L x W x H cms/inch) , weight + packaging (lbs/kg)?
> 7. Warranty period?
> 8. Delivery Place: Ex-Works?
> 9. Harmonized Code/HS Code/Customs Tariff Code?
> 10. Please include Certificate of Conformity (COC) from Manufacturer.
> (Please mention if there is any charge for this certificate)
> All documentation relating to this RFQ can be downloaded as attached file.We appreciate your kind feedback soonest.We look forward to receiving your best offer/quote as soonest possible.

Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.

Revision History

Version | Description | Section | Date
---|---|---|---
1 | Initial release to report significant activity detected by Cisco Security on May 25, 2017. | — | 2017-May-25

Legal Disclaimer

  • THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products