Threat Outbreak Alert: RuleID4947 Fake Unspecified E-mail Messages on November 2, 2015
IntelliShield: Threat Outbreak Alert
2012 December 18 22:42 GMT
2015 November 03 13:36 GMT
Cisco Security has detected significant activity on November 2, 2015.
Cisco Security has detected significant activity related to spam e-mail messages that claim to contain an unspecified message for the recipient.
The text in the e-mail message attempts to convince the recipient to open the attachment and view the details.
However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID4947 and RuleID7947KVR) may contain the following files:
The KB00484414.exe file in the KB00484414.zip attachment has a file size of 217,088 bytes.
The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x1AB633CDF11E328C37729E3E319DA6B5
The achromaticAgreement 2015.exe file in the votingremittance.zip attachment has a file size of 53,248 bytes.
The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x9CB47E595F429D717454D9C102400CE3
The RFQ Inquiry.exe file in the RFQ Inquiry.zip attachment has a file size of 979,968 bytes.
The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xAABA4CFD06A7646A7E5E9E87CD789B5D
The Case_7468469.scr file in the Case_6092178.zip attachment has a file size of 25,088 bytes.
The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x206E908BB21CFE3CC063AF83B88149C3
The revised Proforma-Invoice..exe file in the revised Proforma-Invoice.zip attachment has a file size of 709,120 bytes.
The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x2893B3d90F09065F7B828385110DAB91
The bestellung.28.10.2015.n24r3217.exe file in the bestellung.28.10.2015.n24r3217.zip attachment has a file size of 214,518 bytes.
The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x2F6387C5B5C16481E87CB36BF8C4A169
The saless.exe file in the Revised Proforma-Invoice.zip attachment has a file size of 614,400 bytes.
The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x7035F202648CF42EC7BE98F97E8EFAFE
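The following is an added example, not part of the Cisco alert: a mail-gateway style check that opens each .zip attachment of a message, reports any .exe or .scr member with its size and MD5, and compares the MD5 against a list given in the alert's 0x-prefixed notation. The function names, the size cap and the sample message are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTS = (".exe", ".scr")   # member types named in the alert
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap so a zip bomb is not hashed
PAYLOAD = b"constructed placeholder, not a program"

def normalize_md5(text):
    """Convert the alert's '0x1AB6...' notation to lowercase hex."""
    return text.strip().lower().removeprefix("0x")

def scan_message(raw_bytes, known_md5=()):
    """Return one finding per .exe/.scr member of each .zip attachment."""
    known = {normalize_md5(h) for h in known_md5}
    findings = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            archive = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True)))
        except zipfile.BadZipFile:
            findings.append({"attachment": name, "member": None, "md5": None, "known": False})
            continue
        for info in archive.infolist():
            if not info.filename.lower().endswith(EXECUTABLE_EXTS):
                continue
            digest = None
            # Encrypted (flag bit 0) or oversized members are reported unhashed.
            if not info.flag_bits & 0x1 and info.file_size <= MAX_MEMBER_BYTES:
                digest = hashlib.md5(archive.read(info)).hexdigest()
            findings.append({"attachment": name, "member": info.filename,
                             "size": info.file_size, "md5": digest, "known": digest in known})
    return findings

def build_sample():
    """Constructed message: a zip holding harmless bytes named like an executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Sample-Invoice.exe", PAYLOAD)
        z.writestr("readme.txt", b"constructed")
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Sample-Invoice.zip")
    return msg.as_bytes()
```

An executable member is worth flagging even when its MD5 is not on the list, since the hash changes with every repacked sample while the zip-wrapped executable pattern does not.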
The following text is a sample of the email message that is associated with this threat outbreak:
Please find attached our Request for quotation or Inquiry form.
We kindly request you to provide us with your quotation for supply of
goods as per the attached inquiry.
You are kindly requested to acknowledge receipt of this RFQ within two
(2) working days and submit your Quotation before 9.10.2015
This is an automated message without a signature. For any queries,
please contact the responsible buyer named on the RFQ or Inquiry form.
Subject: Case - 6092178
Dun & BradStreet
New Complaint : 6092178
Dun & Bradstreet has received the above-referenced complaint from one of your customers
regarding their dealings with you.
The details of the consumer's concern are included on the reverse.
Please review this matter and advise us of your position.
In the interest of time and good customer relations,
please provide the DnB with written verification of your position in this matter by Oct 08 , 2015.
Your prompt response will allow DnB to be of service
to you and your customer in reaching a mutually agreeable resolution.
Please inform us if you have contacted your customer
directly and already resolved this matter.
The Dun & Bradstreet develops and maintains Reliability
Reports on companies across the United States and Canada.
This information is available to the public and is frequently used by potential customers.
Your cooperation in responding to this complaint becomes
a permanent part of your file with the Dun and BradStreet.
Failure to promptly give attention to this matter may be
reflected in the report we give to consumers about your company.
We encourage you to print this complaint (attached file), answer the questions and respond to us.
We look forward to your prompt attention to this matter.
To ensure delivery of Dun & Bradstreet Credibility Corp.
emails to your inbox and to enable images to load in future mailings,
please add firstname.lastname@example.org to your email address book or safe senders list.
Privacy and Unsubscribe Notice:
To unsubscribe or modify your email alert settings, please login to your account,
click "alerts", select "alert settings", and choose the email settings you wish to disable
then click "save" to make the desired changes. Your privacy is important to us,
please click here If you have any questions, email us at email@example.com.
Please do not reply to this email.
Subject: Fwd: Revised Order Confirmation
Dear Sir, Attached please find now the completed order confirmation, and revised Proforma-Invoice. also kindly find the full set shipping documents for order attached. Regards,
Subject: A1 Zahlbar 978654/8186 von 28.10.2015
sehen Sie im Inneren
Subject: Revised Proforma-Invoice
Attached please find now the completed order confirmation, and revised Proforma-Invoice.
also kindly find the full set shipping documents for order attached.
Cisco Security analysts examine real-world e-mail traffic data that is collected from over 100,000 contributing organizations worldwide.
This data helps provide a range of information about and analysis of global e-mail security threats and trends.
Cisco will continue to monitor this threat and automatically adapt systems to protect customers.
This report will be updated if there are significant changes or if the risk to end users increases.
Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures.
E-mail that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks.
Cisco security appliances are automatically updated to prevent both spam e-mail and hostile web URLs from being passed to the end user.
The security vulnerability applies to the following combinations of products.
Threat Outbreak Alert
Original Release Base
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.