Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Threat Outbreak Alert

Threat Outbreak Alert: Fake Product Order Quotation Email Messages on July 10, 2014

 
Threat Type:IntelliShield: Threat Outbreak Alert
IntelliShield ID:25838
Version:76
First Published:2012 May 07 17:05 GMT
Last Published:2014 July 11 12:22 GMT
Port: Not available
Urgency:Possible use
Credibility:Confirmed
Severity:Harassment
 
Version Summary:Cisco Security Intelligence Operations has detected significant activity on July 10, 2014.
 

Description
 
Cisco Security Intelligence Operations has detected significant activity related to spam email messages that claim to contain a product order quotation for the recipient. The text in the email message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.

Email messages that are related to this threat (RuleID4132, RuleID4132KVR, RuleID0858, RuleID0858_1KVR and RuleID858KVR) may contain the following files:

Quotation.zip
Quotation.exe
quotations_.zip
quotationsslx.exe
Qu.zip
Quotationxls.exe
Quotation_xls.exe
Quotation_xls.zip
Quotation(2).zip
Fragebogen_txt.zip
Fragebogen_txt.exe
PDF FILE.zip
quotation_xls.exe
Quotation_pdf.exe
quotation_pdf.zip
quote.rar.exe
men.exe
quotation(1).zip
Quotations.zip
Quotations.exe
quotation_pdf.exe
Document.scr
Swift bank details.zip
Document.exe
Quotation.scr
info.zip
info.exe
Quote.zip
new samy03.scr
Document.zip
Recalculation details.zip
Recalculation details.pdf.exe
COMPANY_PROFILE&PURCHASE_ORDER.zip
QUOTATION..scr
report.zip
report.exe
Account Details.zip
Account Details.exe
Q100035154_Mail Out Report.zip
Q100{DIGIT[6]}_Mail Out Report.exe
Report_john.zip
Report_{_MAILTO_USERNAME}.exe
Purchase details.zip
Purchase details.exe
document0349.scr
Quotation 1.zip
quote.scr
Quotations094432.exe
report.pdf.exe
revised pi and bank details.zip
revised pi.exe
Swift_Copy.zip
message.zip
message.exe
LPOrder0018013.zip
Business info.zip
Order Details .zip
Order Details .exe

DOC.zip
DOC.exe
Secured_document.zip
Fedwire_transfer_routing.exe

OriginalDocument.zip
OriginalDocument.exe

bot3_crypt_pkMd253013d3862df7.exe
Quotations.scr

PRODUCT ENQUIRY..zip
QUOTATION_1.zip
Dollarama_New_Order_PO_4501875161_Item_09-3009904.zip
quotation.xls.zip
quotation.xls.exe
order_report_id874982749239342.exe
order_report.zip
Product Specification.zip

QUOTATION (2).zip
QUOTATION (2).exe

Quotation FTH198000...zip
Quotation FTH198000...scr

The Quotation.exe file in the Quotation.zip attachment has a file size of 279,416 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xD44FF69480D56F5DBC6C7A54F75E342D

The quotationsslx.exe file in the quotations_.zip attachment has a file size of 227,144 bytes. The MD5 checksum is the following string: 0x993C4F5D487C1EF1D4697F892740AC63

The Quotationxls.exe file in the Qu.zip attachment has a file size of 231,240 bytes. The MD5 checksum is the following string: 0x92B2BBFE405C9D27377D7265194FF38C

The Quotation_xls.exe file size in the Quotation.zip attachment is not available. The MD5 checksum is also not available.

A variant of the Quotation_xls.exe file in the Quotation_xls.zip attachment has a file size of 450,016 bytes. The MD5 checksum is the following string: 0x55F91767C18DB100081DCD102032B029

A third variant of the Quotation_xls.exe file in the Quotation(2).zip attachment has a file size of 202,568 bytes. The MD5 checksum is the following string: 0xF106F53D91B271EC6C3A0453EBAC3752

The Fragebogen_txt.exe file in the Fragebogen_txt.zip attachment has a file size of 55,296 bytes. The MD5 checksum is the following string: 0xD72025AFF02EB08DC9F2AF32EF7F642C

A fourth variant of the Quotation_xls.exe file in the Quotation.zip attachment has a file size of 198,496 bytes. The MD5 checksum is the following string: 0x8DD79992E04A32F9DFA0BED149F72334

A fifth variant of the Quotation_xls.exe file in the Quotation.zip attachment has a file size of 233,624 bytes. The MD5 checksum is the following string: 0x6A62DE481C370AECE179A00BCB1642BD

A sixth variant of the Quotation_xls.exe file in the Quotation.zip attachment has a file size of 228,872 bytes. The MD5 checksum is the following string: 0x41565547F2F960EFB4795EBC73CE90F2

A seventh variant of the Quotation_xls.exe file in the PDF FILE.zip attachment has a file size of 224,776 bytes. The MD5 checksum is the following string: 0x1EBA7F5DF146867B837E909A2FF9CF74

The quotation_xls.exe file in the quotation.zip attachment has a file size of 257,544 bytes. The MD5 checksum is the following string: 0x635A6E774B9D9DFFAF9B56E164370F53

A variant of the quotation_xls.exe file in the quotation.zip attachment has a file size of 709,588 bytes. The MD5 checksum is the following string: 0x204DD00BE663919A6AD6CF927E795A74

The Quotation_pdf.exe file has a file size of 273,928 bytes. The MD5 checksum is the following string: 0x9306BF74D0026DBD20CE05D1593AC23D

A variant of the Quotation_pdf.exe file has a file size of 243,314 bytes. The MD5 checksum is the following string: 0xBD147F74B7F7566411B4EA8B6FBD725D

A third variant of the Quotation_pdf.exe file in the Quotation.zip attachment has a file size of 269,832 bytes. The MD5 checksum is the following string: 0x2757C8550DDD88CC9950675659105ED7

The quote.rar.exe file has a file size of 575,090 bytes. The MD5 checksum is the following string: 0x4F31FA8CBA8580E784D8053AD80848DC

The men.exe file in the QUOTATION.zip attachment has a file size of 540,734 bytes. The MD5 checksum is the following string: 0x18A144F5908892C6FF22A999FAEAFD3B

A third variant of the quotation_xls.exe file in the quotation.zip attachment has a file size of 709,585 bytes. The MD5 checksum is the following string: 0xB9769ABD98FF810E75D908ECA13C13B9

A fourth variant of the quotation_xls.exe file in the quotation(1).zip attachment has a file size of 228,456 bytes. The MD5 checksum is the following string: 0xB1920937CF1D34EE6E677BD4046E5ADA

A fifth variant of the quotation_xls.exe file in the quotation.zip attachment has a file size of 223,848 bytes. The MD5 checksum is the following string: 0x47BC8F97CF8537BCC61BB43A83614C97

The Quotations.exe file in the Quotations.zip attachment has a file size of 244,736 bytes. The MD5 checksum is the following string: 0x321B0201F1CDECD7156CED6DD9801C14

The quotation_pdf.exe file in the quotation_pdf.zip attachment has a file size of 674,782 bytes. The MD5 checksum is the following string: 0x47B4C7A4AA3142ECF2FAF29E3C803D68

A fourth variant of the Quotation_pdf.exe file in the Quotation_pdf.zip attachment has a file size of 389,632 bytes. The MD5 checksum is the following string: 0x70C1FA61823D2463EEE1C41B921EA560

A variant of the quotation_pdf.exe file has a file size of 412,248 bytes. The MD5 checksum is the following string: 0x4E3CC9D33EC9374E76FDC84F223DA249

A fifth variant of the Quotation_pdf.exe file in the Quotation.zip attachment has a file size of 238,080 bytes. The MD5 checksum is the following string: 0xC38ADDC3C9C194C24E88809D0A8A39A0

The Document.scr attachment has a file size of 299,008 bytes. The MD5 checksum is the following string: 0x8FF6E76A803EEA4A79D0C6A04BBABC90

A sixth variant of the Quotation_pdf.exe file in the Quotation.zip attachment has a file size of 229,888 bytes. The MD5 checksum is the following string: 0x59384CD2A9F423AA87897F5614BC2E0C

A seventh variant of the Quotation_pdf.exe file in the Quotation_pdf.zip attachment has a file size of 336,384 bytes. The MD5 checksum is the following string: 0x3ACCED4D9BEF7F06C88CAC97D92E3334

The Document.exe file in the Swift bank details.zip attachment has a file size of 3,497,213 bytes. The MD5 checksum is the following string: 0x7738DE59EFB986696DF070E4719156F2

The Quotation.scr file in the Quotation.zip attachment has a file size of 320,000 bytes. The MD5 checksum is the following string: 0x7668874AC8D0E7184B7D671D98084D79

A variant of the Quotation.exe file in the Quotation.zip attachment has a file size of 983,399 bytes. The MD5 checksum is the following string: 0x74009C536155D7913E5E377557307EA9

An eighth variant of the Quotation_pdf.exe file in the Quotation.zip attachment has a file size of 1,005,219 bytes. The MD5 checksum is the following string: 0x4FED492299FA1B3A2950865B75099062

A third variant of Quotation.exe file in the Quotation.zip attachment has a file size of 318,800 bytes. The MD5 checksum is the following string: 0x9779046970C6F6FFAA6BEC9D1C247AAF

The info.exe file in the info.zip attachment has a file size of 145,920 bytes. The MD5 checksum is the following string: 0xC950DCA82FDE7D2C94DCC89965E79195

The new samy03.scr file in the Quote.zip attachment has a file size of 532,992 bytes. The MD5 checksum is the following string: 0xFCF54FF5C963FEA299FF5969FC0AA8E1

A variant of the Document.exe file in the Document.zip attachment has a file size of 3,391,488 bytes. The MD5 checksum is the following string: 0x698FEEDBFB7F1E9A77AD206731C0A131

The Recalculation details.pdf.exe file in the Recalculation details.zip attachment has a file size of 30,208 bytes. The MD5 checksum is the following string: 0xB396F897B24ED49A657422EEB366951D

A fourth variant of the QUOTATION.exe file in the COMPANY_PROFILE&PURCHASE_ORDER.zip attachment has a file size of 968,601 bytes. The MD5 checksum is the following string: 0x68EA9B679E80D04C68B9C9B3C4B007DF

The QUOTATION..scr file in the QUOTATION..zip attachment has a file size of 540,672 bytes. The MD5 checksum is the following string: 0x0559DB513079D0E97A60BD3192CC63A9

The report.exe file in the report.zip attachment has a file size of 130,128 bytes. The MD5 checksum is the following string: 0x4AA53049E18B38A88D92714DC05CC83E

The Account Details.exe file in the Account Details.zip attachment has a file size of 1,370,016 bytes. The MD5 checksum is the following string: 0x30B6D185D27A797E8C8B2420C9902CCA

The Q100{DIGIT[6]}_Mail Out Report.exe file in the Q100035154_Mail Out Report.zip attachment has a file size of 19,968 bytes. The MD5 checksum is the following string: 0xF0D3455427F6D5E02AE7958A2016FF5F

The Report_{_MAILTO_USERNAME}.exe file in the Report_john.zip attachment has a file size of 29,696 bytes. The MD5 checksum is the following string: 0xC1E954A6968CD8959B0DCC2313B60595

The Purchase details.exe file in the Purchase details.zip attachment has a file size of 427,221 bytes. The MD5 checksum is the following string: 0x9DC70166DE617BBDA09D9561798D4425

A variant of the Quotation.scr file in the Quotation.zip attachment has a file size of 1,008,128 bytes. The MD5 checksum is the following string: 0xF11427BE87D895BAF03C0EE4FB973582

A third variant of Document.exe file in the Document.zip attachment has a file size of 4,259,250 bytes. The MD5 checksum is the following string: 0x3F57CD064B6CB0D64C18C4CAB2FE1842

The document0349.scr file in the QUOTATION.zip attachment has a file size of 301,269 bytes. The MD5 checksum is the following string: 0x26824FB304309EBB4D7F487FEC6906C9

A third variant of the Quotation.scr file in the Quotation.zip attachment has a file size of 497,287 bytes. The MD5 checksum is the following string: 0x9E493E00B9BA1D2D255CF761827C9916

The quote.scr file in the Quotation 1.zip attachment has a file size of 1,462,272 bytes. The MD5 checksum is the following string: 0xC418E75C3608664619D4B62CD7CF8832

The Quotations094432.exe file in the Quotations.zip attachment has a file size of 466,944 bytes. The MD5 checksum is the following string: 0xED2E80D8F889D4191433603E1B0DCCAB

The report.pdf.exe file in the report.zip attachment has a file size of 134,656 bytes. The MD5 checksum is the following string: 0x14F82C26D5F5F3FD81B511CA12CAC74B

A fourth variant of Document.exe file in the Document.zip attachment has a file size of 4,117,011 bytes. The MD5 checksum is the following string: 0x58C8E102825F74D94BFF3B6F19A6FCCD

The revised pi.exe file in the revised pi and bank details.zip attachment has a file size of 1,104,384 bytes. The MD5 checksum is the following string: 0xBF5ADB654DF6F3A321D317BB4608FEB6

A variant of the Document.scr file in the Swift_Copy.zip attachment has a file size of 966,656 bytes. The MD5 checksum is the following string: 0x5445DA1AB07469A4AA016B1B6BCE4786

The message.exe file in the message.zip attachment has a file size of 19,968 bytes. The MD5 checksum is the following string: 0x617B0B7005815D03ECB73C54D3456F15

A fifth variant of the Document.exe file in the LPOrder0018013.zip attachment has a file size of 1,237,354 bytes. The MD5 checksum is the following string: 0xF3B4844B45D8ABDE1CCA429B01D0AC9F

A fourth variant of the Quotation.scr file in the Business info.zip attachment has a file size of 285,504 bytes. The MD5 checksum is the following string: 0x44C420866CE491A51CC67F931AC11CFA

The Order Details .exe file in the Order Details .zip attachment has a file size of 86,016 bytes. The MD5 checksum is the following string: 0x70DEDB86F77C53D80ADE1E6B55AF9FDA

A variant of the Order Details .exe file in the Order Details .zip attachment has a file size of 90,112 bytes. The MD5 checksum is the following string: 0x45461FB3C4690F48EFBB132426648AAA

The DOC.exe file in the DOC.zip attachment has a file size of 818,688 bytes. The MD5 checksum is the following string: 0x4BA1C1BBE4A2CCBEA91639023B0E3B5C

A third variant of the Order Details .exe file in the Order Details .zip attachment has a file size of 86,016 bytes. The MD5 checksum is the following string: 0x19DAF3CB9EFBC1E249EC856D3114DCFA

A fourth variant of the Order Details .exe file in the Order Details .zip attachment has a file size of 86,016 bytes. The MD5 checksum is the following string: 0x4C2908A664A142BDA471CDAAD595FE9C

A fifth variant of the Order Details .exe file in the Order Details .zip attachment has a file size of 86,016 bytes. The MD5 checksum is the following string: 0x20FE46C30632092A4345A2CAAC17D436

A fifth variant of the Quotation.scr file in the Quotation.zip attachment has a file size of 224,064 bytes. The MD5 checksum is the following string: 0xAB1B8A71EC36CF064C15A4F199D326C7

A sixth variant of the Document.exe file in the Document.zip attachment has a file size of 1,087,920 bytes. The MD5 checksum is the following string: 0x9045F4D0B9ABE74B623E1C016BA163FD

A sixth variant of the Quotation.scr file in the Quotation.zip attachment has a file size of 232,256 bytes. The MD5 checksum is the following string: 0xE00EFE75A02D912B9A26913C0F520CDD

A seventh variant of the Quotation.scr file in the Quotation.zip attachment has a file size of 944,128 bytes. The MD5 checksum is the following string: 0x6AC35EEBC5BAA725BDDD4805FF03F421

An eighth variant of the Quotation.scr file in the Quotation.zip attachment has a file size of 258,873 bytes. The MD5 checksum is the following string: 0x29ABD20E826E47362166D36EA95B0417

The Fedwire_transfer_routing.exe file in the Secured_document.zip attachment has a file size of 199,993 bytes. The MD5 checksum is the following string: 0xBC17073366D899BCE4AE14EC09511A7B

The OriginalDocument.exe file in the OriginalDocument.zip attachment has a file size of 1,099,799 bytes. The MD5 checksum is the following string: 0x40CE95BDD070D358DE98D67F5099244A

A variant of the report.exe file in the report.zip attachment has a file size of 143,360 bytes. The MD5 checksum is the following string: 0xF4E7AB2B1DD82F5827810BDB563486DE

The bot3_crypt_pkMd253013d3862df7.exe file in the Quotation.zip attachment has a file size of 183,000 bytes. The MD5 checksum is the following string: 0x99AD40A1D36D3C8B9A0620031682BDE6

A fifth variant of the Quotation.exe file in the Quotation.zip attachment has a file size of 682,117 bytes. The MD5 checksum is the following string: 0xB5FD00961AD7066ECB87B85DC32472B6

The Quotations.scr file in the quote.zip attachment has a file size of 2,487,633 bytes. The MD5 checksum is the following string: 0x32F4CBAB506D9E4119EF9709B476776C

A ninth variant of the Quotation.scr file in the Quotation.zip attachment has a file size of 1,235,264 bytes. The MD5 checksum is the following string: 0x1C059DDBE50904053AF0EDB9A1DE5D79

A seventh variant of the Document.exe file in the PRODUCT ENQUIRY..zip attachment has a file size of 3,756,032 bytes. The MD5 checksum is the following string: 0x9F90199630AA6F54E0628B03668ED353

A sixth variant of the QUOTATION.exe file in the QUOTATION_1.zip attachment has a file size of 962,771 bytes. The MD5 checksum is the following string: 0x2E3430F0B273C8197649170FB4736524

An eighth variant of the Document.exe file in the Dollarama_New_Order_PO_4501875161_Item_09-3009904.zip attachment has a file size of 737,075 bytes. The MD5 checksum is the following string: 0xCBF225CF3B2F57C016FBC0963F68F3

The quotation.xls.exe file in the quotation.xls.zip attachment has a file size of 205,312 bytes. The MD5 checksum is the following string: 0x830071C326FD44D3E10119A783B9D028

The order_report_id874982749239342.exe file in the order_report.zip attachment has a file size of 186,368 bytes. The MD5 checksum is the following string: 0xD3A31D0094A3D2DACE1CD5EC093A3DF5

A ninth variant of the Document.exe file in the Product Specification.zip attachment has a file size of 3,285,160 bytes. The MD5 checksum is the following string: 0xEA38DCF4567BA85EC1E3AFFA1122F740

The QUOTATION (2).exe file in the QUOTATION (2).zip attachment has a file size of 353,280 bytes. The MD5 checksum is the following string: 0x6F451471B9A04F98DE56119F9F084076

The Quotation FTH198000...scr file in the Quotation FTH198000...zip attachment has a file size of 951,296 bytes. The MD5 checksum is the following string: 0x3DFDA7E5C67195B5DC82232C7B82580C

The following text is a sample of the email message that is associated with this threat outbreak:

Subject: See our Order and also issue us P I

Message Body:

Hello,
We have finally concluded for the buying of the Product from your company. Open this attachment and see our Order and also issue us P I as quickly as possible. So that we can arrange the T/T copy as soon as possible
Best regard,
Abraham Choh

Or

Subject: Re: New Order

Message Body:

Hi, How are you and the business, Thanks for your mail , i hope we will have a very good biz relationship with you. Meanwhile I attach the Samples of the product we want to order from your company . I'm looking forward to hearing from you as soon as possible . Best Regards, Ying Su

Or

Message Body:

Good Morning
As requested please find attached a copy of the total purchases and designs.
Starting from July we will send another sample to this same email address.
Let me know the average prices after review the attached sample and designs of products.
I have attached the purchase product and design and I have also attached the quantity of each sample.
I hope this information is off assistance and your specific knowledge.
Regards
Hugh Thomas
NB: if this message was send to you in error please delete the copy (s) and notify the sender, do not distribute,
Thank you.

Or

Subject: RE: PO NOTICE

Message Body:

Dear Sir,
please we are very sorry for the delays in making the payment, today we have
remitted payment against your PI.
Find attached TT copy of payment made to bank account.
kindly confirm the BANK SLIP attached.
Pls send to me final copy B/L and Form E copy.
Tks,
Thomas Thang.

Or

Subject: RE: quotation and signature

Message Body:

After going through your products details, we like to have you invoice for the our attached quotation.
Send the invoice asap with your company chop and signature asap.
MR TEKA JUBRIL.

Or

Subject: Re:Order Specifications

Message Body:

Dear Sir, We are deeply sorry for delay. We have attached our Order samples specification on this email, please review and give us feed back on how soon you can produce those items and your best price. Looking forward to your response. Sarah

Or

Subject: Request For Quotation

Message Body:

Hello
We have gone through your items and have seen your products, but can you give me an assurance on the quality and that you can start production if we place an order immediately, or do you already have in stock? Large orders for about 300-400 thousand us dollars needed.
Please check the exact product photo and see if you can supply us the same product from our secured server. Please Kindly view our items Attached.
Let us also have your payment terms.We hope to have good business relationship with you.
Regards
Sales Dr. A. Raghunathan 0044-13930918622
Jijan & Benson CO.,LTD
ADD:Allison Road Villa End,Barclays United Kingdom
Tel: 0044-13930918622 Fax:0044-13930918623
MSN: sales.jijanbanson@msn.com Skype:sales.jijan
Email: sales@jijanbensonco.co.uk
Web: hxxp://www.jijanbensonco.co.uk

Or

Subject: Re: Quotation

Message Body:

Dear Sir
How are you today, Having gone through your listed products with our client, they have offer great interest in having a purchase agreement with your company.
Please send us a quote for the following models as attached in the email and Kindly provide us with the following information base on the sample attached and our percentage for the order
1. Prices FOB
2. Payment terms
3. Delivery Period
4. MOQ
5. Specified delivery date assuming from the Date of Order.
Your quick reply will be highly appreciated and please send us a quote for the following models as attached
Kind regards,
Alexandra Mededa
Registered member of Russian Chamber of Commerce: hxxp://www.pushkin-town.net/.tpp/eng/cci-in-china.htm
: hxxp://www.pushkin-town.net/.tpp/rus/cci-in-china.htm
Mededa International Co., Ltd.
Chief representative (China)
Website: www.mededachina.com
Email: mededachina@gmail.com
info@nanaknamindia.com
Tel.: (1086)136-71-585038

Or

Subject: Hello your Facebook account has been disabled

Message Body:

During the last weeks, facebook has been hacked so you are asked to install the attached software. This will generate a secure connection to our servers so your pc can be safe.
We are attempting to contact all of our users fast but we have limited emailing resources. Facebook will be very thankful if you could send the attached file to your peers and relatives asap.

Or

Subject: FWD: Confirm TT COPY And Account Details

Message Body:

Dear Sir,
Find attached a confirmation copy of the T/T application and find out if it corresponds with the account information.
Rgds,
For Eldan Recycling A/S & Kyla Shipping
Jay Trivedi
Manager, Operations

Or

Message Body:

Good-day,
I am Mrs Tilica Brown From Germany.
As per the Oder for quotation in attachment please quote for 20ft container Urgent.
Give us Price as soon as you can.
Regards,
Mrs Tilica Brown
Sales Representative
Tel- 49 (0) 69 17 32 9400

Or

Subject: Re: Quotation

Message Body:

Hi Dear,
Sorry for my late respond, I appreciate your work you did. I've checked quotation.
Would you please check attached file and see which kind of products do you have?
Also you can quote delivery time/FOB.
Thank you.
Best regards,
Nurzhan
+7 702 759 6984
+7 771 340 7829

Or

Subject: Wells Fargo Advisors

Message Body:

Please review attached documents.
Valery_Parrot
Wells Fargo Advisors
817-559-4662 office
817-358-9011 cell Valery_Parrot@wellsfargo.com
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE Wells Fargo Advisors, LLC is a nonbank affiliate of Wells Fargo & Company, Member FINRA/SIPC.
1 North Jefferson, St. Louis, MO 63103
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.

Or

Subject: Enquiry (WD-01) - 4.05 INDIGO, RIYADH

Message Body:

Dear Sir,
Good afternoon, hope you are fine. We have come to learn about your company from one of your customers.
Please find attached files, and Kindly Provide Inquiry Quotation with your Best offer for the following project in RIYADH.
Kindly note that all the data that is required for your review of the project scope, terms and condition is been compiled on the attached files.
If any question or doubt, please do not hesitate to contact me again.
Your soonest reply will be highly appreciated.
We look forward to your next news.
Best Regards
Quadri Asif
MIMAR International for Development Co. Ltd
Tel # 02-2347599 Ext: 318
P.O Box:52269, Jeddah 21563
Saudi Arabia.

Or

Subject: Message copied from system quarantine

Message Body:

Nice day,
We need to know your best and final FOB price quotation including CNF Amman Port, for the attach detailed product specification.
Please kindly send your quotation asap, with your lead time/your delivering time after the date of order as we have been invited to bid in a national government project recently.
Kindly Note that the attached file is the details project scope and all the necessary documents that are to be fulfilled by the end supplier.
Also note that we can only Accept 100% LC for payment if not LC as we can't proceed as it is mandatory by our Company your soonest reply is our pleasure.
Best Regards
Abdullah.Amin

Or

Subject: Fw: Order 33-377-523758 THIS A SCAM CLAIMING TO BE FROM AMAZON - full header included

Message Body:

Hi,
Thanks for your order. We'll let you know once your item(s) have dispatched.You can view the status of your order or make changes to it by visiting Your Orders on
Amazon.co.uk.
Order Details
Order 55-315776-751488
Placed on December 4, 2013
Order details and invoice in attached file.
Need to make changes to your order? Visit our Help page for more information and video guides.
We hope to see you again soon.
Amazon.co.uk

Or

Subject: Purchase Order

Message Body:

Hello,
I have attached the signed purchase order list.
Please review and send us the PI to enable us make deposit payment.
Thank you,
Joe Salazer
Plant Supervisor / Purchasing

Or
Message Body:

Dear Sir,
Do you know company that will produce this material for us? If yes
please give us details. See our attached catalogue and get back to us.
Best regards
Amina Ibrahim

Or
Subject: Fwd: Amazon.com order report
Cisco Security Intelligence Operations analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.

Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security Intelligence Operations
Cisco SenderBase Security Network
 
Alert History
 

Version 75, July 7, 2014, 8:47 AM: Cisco Security Intelligence Operations has detected significant activity on July 6, 2014.

Version 74, June 3, 2014, 8:05 AM: Cisco Security Intelligence Operations has detected significant activity on June 1, 2014.

Version 73, June 2, 2014, 8:56 AM: Cisco Security Intelligence Operations has detected significant activity on May 29, 2014.

Version 72, May 20, 2014, 8:45 AM: Cisco Security Intelligence Operations has detected significant activity on May 19, 2014.

Version 71, March 27, 2014, 8:27 AM: Cisco Security Intelligence Operations has detected significant activity on March 25, 2014.

Version 70, March 20, 2014, 8:47 AM: Cisco Security Intelligence Operations has detected significant activity on March 19, 2014.

Version 69, March 18, 2014, 8:38 AM: Cisco Security Intelligence Operations has detected significant activity on March 17, 2014.

Version 68, March 13, 2014, 12:34 PM: Cisco Security Intelligence Operations has detected significant activity on March 11, 2014.

Version 67, February 28, 2014, 7:33 AM: Cisco Security Intelligence Operations has detected significant activity on February 26, 2014.

Version 66, February 24, 2014, 9:04 AM: Cisco Security Intelligence Operations has detected significant activity on February 21, 2014.

Version 65, February 18, 2014, 9:32 AM: Cisco Security Intelligence Operations has detected significant activity on February 17, 2014.

Version 64, February 4, 2014, 8:56 AM: Cisco Security Intelligence Operations has detected significant activity on February 3, 2014.

Version 63, January 24, 2014, 7:40 AM: Cisco Security Intelligence Operations has detected significant activity on January 22, 2014.

Version 62, January 21, 2014, 9:17 AM: Cisco Security Intelligence Operations has detected significant activity on January 17, 2014.

Version 61, January 8, 2014, 8:30 AM: Cisco Security Intelligence Operations has detected significant activity on January 7, 2014.

Version 60, December 18, 2013, 8:43 AM: Cisco Security Intelligence Operations has detected significant activity on December 17, 2013.

Version 59, December 16, 2013, 9:54 AM: Cisco Security Intelligence Operations has detected significant activity on December 15, 2013.

Version 58, December 9, 2013, 4:00 PM: Cisco Security Intelligence Operations has detected significant activity on December 9, 2013.

Version 57, December 6, 2013, 6:24 PM: Cisco Security Intelligence Operations has detected significant activity on December 4, 2013.

Version 56, December 5, 2013, 1:42 PM: Cisco Security Intelligence Operations has detected significant activity on December 4, 2013.

Version 55, December 4, 2013, 2:48 PM: Cisco Security Intelligence Operations has detected significant activity on December 3, 2013.

Version 54, December 3, 2013, 3:23 PM: Cisco Security Intelligence Operations has detected significant activity on December 2, 2013.

Version 53, November 27, 2013, 3:12 PM: Cisco Security Intelligence Operations has detected significant activity on November 26, 2013.

Version 52, November 20, 2013, 2:33 PM: Cisco Security Intelligence Operations has detected significant activity on November 19, 2013.

Version 51, November 18, 2013, 8:35 PM: Cisco Security Intelligence Operations has detected significant activity on November 14, 2013.

Version 50, October 30, 2013, 3:24 PM: Cisco Security Intelligence Operations has detected significant activity on October 28, 2013.

Version 49, October 17, 2013, 6:38 PM: Cisco Security Intelligence Operations has detected significant activity on October 17, 2013.

Version 48, October 14, 2013, 4:47 PM: Cisco Security Intelligence Operations has detected significant activity on October 13, 2013.

Version 47, October 11, 2013, 2:53 PM: Cisco Security Intelligence Operations has detected significant activity on October 11, 2013.

Version 46, October 8, 2013, 1:02 PM: Cisco Security Intelligence Operations has detected significant activity on October 7, 2013.

Version 45, September 25, 2013, 7:17 PM: Cisco Security Intelligence Operations has detected significant activity on September 25, 2013.

Version 44, September 11, 2013, 3:08 PM: Cisco Security Intelligence Operations has detected significant activity on September 10, 2013.

Version 43, September 9, 2013, 2:43 PM: Cisco Security Intelligence Operations has detected significant activity on September 8, 2013.

Version 42, September 3, 2013, 7:00 PM: Cisco Security Intelligence Operations has detected significant activity on September 3, 2013.

Version 41, September 3, 2013, 1:27 PM: Cisco Security Intelligence Operations has detected significant activity on September 3, 2013.

Version 40, August 28, 2013, 12:35 PM: Cisco Security Intelligence Operations has detected significant activity on August 27, 2013.

Version 39, July 17, 2013, 2:34 PM: Cisco Security Intelligence Operations has detected significant activity on July 17, 2013.

Version 38, June 18, 2013, 2:17 PM: Cisco Security Intelligence Operations has detected significant activity on June 17, 2013.

Version 37, June 17, 2013, 1:10 PM: Cisco Security Intelligence Operations has detected significant activity on June 16, 2013.

Version 36, June 13, 2013, 3:14 PM: Cisco Security Intelligence Operations has detected significant activity on June 13, 2013.

Version 35, June 3, 2013, 2:35 PM: Cisco Security Intelligence Operations has detected significant activity on June 1, 2013.

Version 34, May 24, 2013, 7:51 PM: Cisco Security Intelligence Operations has detected significant activity on May 24, 2013.

Version 33, May 17, 2013, 7:57 PM: Cisco Security Intelligence Operations has detected significant activity on May 16, 2013.

Version 32, May 13, 2013, 9:06 PM: Cisco Security Intelligence Operations has detected significant activity on May 12, 2013.

Version 31, May 9, 2013, 3:20 PM: Cisco Security Intelligence Operations has detected significant activity on May 9, 2013.

Version 30, April 5, 2013, 6:24 PM: Cisco Security Intelligence Operations has detected significant activity on April 4, 2013.

Version 29, March 26, 2013, 1:03 PM: Cisco Security Intelligence Operations has detected significant activity on March 25, 2013.

Version 28, March 13, 2013, 6:29 AM: Cisco Security Intelligence Operations has detected significant activity on March 12, 2013.

Version 27, March 5, 2013, 6:13 AM: Cisco Security Intelligence Operations has detected significant activity on March 4, 2013.

Version 26, February 7, 2013, 6:00 AM: Cisco Security Intelligence Operations has detected significant activity on February 6, 2013.

Version 25, February 1, 2013, 7:13 AM: Cisco Security Intelligence Operations has detected significant activity on January 31, 2013.

Version 24, January 22, 2013, 6:14 AM: Cisco Security Intelligence Operations has detected significant activity on January 21, 2013.

Version 23, December 18, 2012, 7:58 AM: Cisco Security Intelligence Operations has detected significant activity on December 18, 2012.

Version 22, December 12, 2012, 6:41 AM: Cisco Security Intelligence Operations has detected significant activity on December 12, 2012.

Version 21, December 10, 2012, 8:24 AM: Cisco Security Intelligence Operations has detected significant activity on December 9, 2012.

Version 20, November 19, 2012, 8:09 AM: Cisco Security Intelligence Operations has detected significant activity on November 18, 2012.

Version 19, October 18, 2012, 8:33 AM: Cisco Security Intelligence Operations has detected significant activity on October 17, 2012.

Version 18, October 10, 2012, 2:54 PM: Cisco Security Intelligence Operations has detected significant activity on October 9, 2012.

Version 17, October 8, 2012, 4:26 PM: Cisco Security Intelligence Operations has detected significant activity on October 7, 2012.

Version 16, October 4, 2012, 12:31 PM: Cisco Security Intelligence Operations has detected significant activity on October 4, 2012.

Version 15, September 19, 2012, 10:47 AM: Cisco Security Intelligence Operations has detected significant activity on September 18, 2012.

Version 14, September 13, 2012, 3:32 PM: Cisco Security Intelligence Operations has detected significant activity on September 13, 2012.

Version 13, September 13, 2012, 11:43 AM: Cisco Security Intelligence Operations has detected significant activity on September 13, 2012.

Version 12, September 13, 2012, 10:56 AM: Cisco Security Intelligence Operations has detected significant activity on September 12, 2012.

Version 11, September 10, 2012, 5:26 PM: Cisco Security Intelligence Operations has detected significant activity on September 9, 2012.

Version 10, August 15, 2012, 4:08 PM: Cisco Security Intelligence Operations has detected significant activity on August 15, 2012.

Version 9, August 9, 2012, 12:36 PM: Cisco Security Intelligence Operations has detected significant activity on August 9, 2012

Version 8, August 7, 2012, 4:45 PM: Cisco Security Intelligence Operations has detected significant activity on August 6, 2012

Version 7, July 16, 2012, 1:51 PM: Cisco Security Intelligence Operations has detected significant activity on July 15, 2012

Version 6, July 2, 2012, 6:30 PM: Cisco Security Intelligence Operations has detected significant activity on June 30, 2012

Version 5, June 22, 2012, 7:14 AM: Cisco Security Intelligence Operations has detected significant activity on June 20, 2012.

Version 4, June 12, 2012, 3:41 PM:
Cisco Security Intelligence Operations has detected significant activity on June 12, 2012.

Version 3, May 24, 2012, 10:00 AM: Cisco Security Intelligence Operations has detected significant activity on May 24, 2012.

Version 2, May 15, 2012, 9:46 AM: Cisco Security Intelligence Operations has detected significant activity on May 14, 2012.

Version 1, May 14, 2012, 5:02 PM: Cisco Security Intelligence Operations has detected significant activity on May 6, 2012.


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
IntelliShieldThreat Outbreak Alert Original Release Base

Associated Products:
N/A




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield