Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Threat Outbreak Alert

Threat Outbreak Alert: Fake CashPro Online Digital Certificate Notification Email Messages on August 30, 2013

 
Threat Type:IntelliShield: Threat Outbreak Alert
IntelliShield ID:28320
Version:40
First Published:2013 February 20 19:42 GMT
Last Published:2013 August 30 17:50 GMT
Port: Not available
Urgency:Possible use
Credibility:Confirmed
Severity:Mild Damage
 
Version Summary:Cisco Security Intelligence Operations has detected significant activity on August 30, 2013.
 

Description
 
Cisco Security Intelligence Operations has detected significant activity related to spam email messages that claim to contain a new digital certificate from the Bank of America CashPro Online Security Team for the recipient. The text in the email message attempts to convince the recipient to open the attachment for instructions on the installation process. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.

Email messages that are related to this threat (RuleID5342, RuleID5342KVR, and RuleID5342KVR_1) may contain any of the following files:

cashpro_digital_cert_0115793115810218904.zip
cashpro_digital_cert_{DIGIT[19]}.exe
incoming_fax_02212013_1497271871046855581.zip
incoming_fax_02212013_{DIGIT[19]}.exe
fax_26022013_6058380428875401665.zip
fax_26022013_{DIGIT[19]}.exe
fax_id883826187478237567_02262013.zip
fax_id{DIGIT[18]}_02262013.exe
SecureMessage_21125128673745134251.zip
SecureMessage_{DIGIT[20]}.exe
ACH_Batch_6002132.zip
ACH_Batch_11032013.exe
ADP_PAYROL_19289981.zip
ADP_PAYROL_19289981.exe
Credit_Report_03142013.zip
Credit_Report_03142013.exe
cashpro_digital_cert_8540516074817067661.zip
cashpro_digital_cert_{DIGIT[19]}.exe
Credit_Report_14032013.zip
Credit_Report_14032013.exe
ATO_TAX_99188237.zip
ATO_TAX_99188237.exe
inv_#02898751300_03152013.zip
inv_#0{DIGIT[10]}_03152013.exe
Case_830980982.zip
Case_830980982.exe
Verification_8473957.zip
Verification_03042013.exe
fax_message_4619523868917800957382.zip
fax_message_{DIGIT[22]}.exe
Form_04042013.zip
Form_04042013.exe
Case_830980982.zip
Case_08042013.exe
cashpro_digital_cert_{DIGIT[19].exe
Invoice_983661718291.zip
Invoice_983661718291.exe
Case_9549969.zip
Case_04152013.exe
Identity_Form_04182013.zip
Identity_Form_04182013.exe
PP_04222013.zip
PP_04222013.exe
fax0100113928.zip
fax01001{DIGIT[5]}.exe
fax00001312189.zip
fax00001{DIGIT[6]}.exe
FAX_id617753450845415845763901017560.zip
FAX_id{DIGIT[30]}.exe
PostFinance message service - debit posted.zip
PostFinance message service - debit posted.exe
ADP_inv_#06822243896_051013.zip
ADP_inv_#0{DIGIT[10]}_051013.exe
incoming_fax_2896106719.zip
incoming_fax_{DIGIT[10]}.exe
ADP_INVOICE_#0205646_052413.zip
ADP_INVOICE_#0{DIGIT[6]}_052413.exe
wupos_digital_cert_1152344531108234009.zip
wupos_digital_cert_{DIGIT[19]}.exe
fax_message_4590834859833614850483.zip
fax_message_{DIGIT[22]}.exe
inv_#09968498908_06212013.zip
inv_#0{DIGIT[10]}_06212013.exe
ADDACS Advice Report #98648288.zip
ADDACS Advice Report #{DIGIT[8]}.exe
inc_wire_report_365229777_07012013.zip
inc_wire_report_{DIGIT[9]}_07012013.exe
fax_id3966977355149237202.zip
fax_id{DIGIT[19]}.exe
Auto refund report 947397428.zip
Auto refund report {DIGIT[9]}.exe
case#989290388298534~9593505644124.zip
case#9{DIGIT[14]}~9{DIGIT[12]}.exe
UPS Invoice 41390141.zip
UPS Invoice {DIGIT[8]}.exe
ADDACS Advice Report #483496.zip
ADDACS Advice Report #{DIGIT[6]}.exe
wupos_digital_cert_716867193.zip
wupos_digital_cert_{DIGIT[9]}.exe
secure_message_08142013_15075788893140908.zip
secure_message_08142013_{DIGIT[17]}.exe

fax01001444020.zip
fax01001{DIGIT[6]}.exe
report_265753681627.zip
report_{DIGIT[12]}.exe
UPS Invoice 80501156.zip
ACAS08291305663417PARA9067.zip
ACAS082913{DIGIT[8]}PARA{DIGIT[4]}.exe

The cashpro_digital_cert_{DIGIT[19]}.exe file in the cashpro_digital_cert_0115793115810218904.zip attachment has a file size of 139,264 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xD89E680D6E9FEE363B27E6479A4DFFD3

The incoming_fax_02212013_{DIGIT[19]}.exe file in the incoming_fax_02212013_1497271871046855581.zip attachment has a file size of 133,120 bytes. The MD5 checksum is the following string: 0xB4771C21637E4A5F933672DA9783687B

The fax_26022013_{DIGIT[19]}.exe file in the fax_26022013_6058380428875401665.zip attachment has a file size of 163,840 bytes. The MD5 checksum is the following string: 0xC1625A7BF2ADDD13FBEC585570C4C36E

The fax_id{DIGIT[18]}_02262013.exe file in the fax_id883826187478237567_02262013.zip attachment has a file size of 163,840 bytes. The MD5 checksum is the following string: 0x3426A93A9ED520BE3C9BAED8BEC2E2CD

The SecureMessage_{DIGIT[20]}.exe file in the SecureMessage_21125128673745134251.zip attachment has a file size of 156,160 bytes. The MD5 checksum is the following string: 0xF565258F8086F115AE517F8A4C158683

The ACH_Batch_11032013.exe file in the ACH_Batch_6002132.zip attachment has a file size of 133,632 bytes. The MD5 checksum is the following string: 0x69C90E7D31BEFA0B739F675AD9F2FC5E

The ADP_PAYROL_19289981.exe file in the ADP_PAYROL_19289981.zip attachment has a file size of 135,680 bytes. The MD5 checksum is the following string: 0x1DE7DB633D7767DC7DA45256753D6114

The Credit_Report_03142013.exe file in the Credit_Report_03142013.zip attachment has a file size of 135,680 bytes. The MD5 checksum is the following string: 0x06EC09DBAED6ECA1C7D1FB936E094822

The cashpro_digital_cert_{DIGIT[19]}.exe file in the cashpro_digital_cert_8540516074817067661.zip attachment has a file size of 132,096 bytes. The MD5 checksum is the following string: 0x5CF4BD47458D85601C2143018F145DE5

The Credit_Report_14032013.exe file in the Credit_Report_14032013.zip attachment has a file size of 135,680 bytes. The MD5 checksum is the following string: 0x310D6A1A2F03C0EE3483D84A09A132BA

The ATO_TAX_99188237.exe file in the ATO_TAX_99188237.zip attachment has a file size of 135,680 bytes. The MD5 checksum is the following string: 0x92E19F6B9F33AC3CD54EC86BC34B6EAA

The inv_#0{DIGIT[10]}_03152013.exe file in the inv_#02898751300_03152013.zip attachment has a file size of 135,680 bytes. The MD5 checksum is the following string: 0x669D4A4B7DFCD38B05AF8704B4A55B9A

The Case_830980982.exe file size in the Case_830980982.zip attachment is unavailable. The MD5 checksum is also unavailable.

The Verification_03042013.exe file in the Verification_8473957.zip attachment has a file size of 107,520 bytes. The MD5 checksum is the following string: 0x4080C86BE6B72ED2E28DF0A5A5D65A6B

The fax_message_{DIGIT[22]}.exe file in the fax_message_4619523868917800957382.zip attachment has a file size of 200,704 bytes. The MD5 checksum is the following string: 0x36FA4163D903FBF0010C7604325834A2

The Form_04042013.exe file in the Form_04042013.zip attachment has a file size of 91,648 bytes. The MD5 checksum is the following string: 0x26BCA7FF0FB9B0CCBD75C2A0DABCEF36

The Case_08042013.exe file in the Case_830980982.zip attachment has a file size of 130,560 bytes. The MD5 checksum is the following string: 0xAE4E37F3FDAFE07B17EE38E5DC82DFE7

The cashpro_digital_cert_{DIGIT[19]}.exe file has a file size of 96,256 bytes. The MD5 checksum is the following string: 0xF27592CF87C12B6401AD9742F3004597

The Invoice_983661718291.exe file in the Invoice_983661718291.zip attachment has a file size of 131,584 bytes. The MD5 checksum is the following string: 0x47C65EE00EBC57C93C146964A0B77E56

The Case_04152013.exe file in the Case_9549969.zip attachment has a file size of 137,728 bytes. The MD5 checksum is the following string: 0x28A03BD60463568E8F9F217FB0A2D48D

The Identity_Form_04182013.exe file in the Identity_Form_04182013.zip attachment has a file size of 134,144 bytes. The MD5 checksum is the following string: 0xC5F1D95079CFA622D06C6F2617AC21F2

The PP_04222013.exe file in the PP_04222013.zip attachment has a file size of 135,168 bytes. The MD5 checksum is the following string: 0x65FC7B009E9B653DDEBE8788C268FDAA

The fax01001{DIGIT[5]}.exe file in the fax0100113928.zip attachment has a file size of 137,728 bytes. The MD5 checksum is the following string: 0x5EBF07A884E9AC3F396A3B2586F8010F

The fax00001{DIGIT[6]}.exe file in the fax00001312189.zip attachment has a file size of 131,584 bytes. The MD5 checksum is the following string: 0x30F5913F4D1BD1778FD03D7875749A4A

The FAX_id{DIGIT[30]}.exe file in the FAX_id617753450845415845763901017560.zip attachment has a file size of 137,216 bytes. The MD5 checksum is the following string: 0x8C830CFDD2B5829B9164862E2457780A

The PostFinance message service - debit posted.exe file in the PostFinance message service - debit posted.zip attachment has a file size of 136,192 bytes. The MD5 checksum is the following string: 0xBDF65C738335D2169EABF16CF6470562

The ADP_inv_#0{DIGIT[10]}_051013.exe file in the ADP_inv_#06822243896_051013.zip attachment has a file size of 124,928 bytes. The MD5 checksum is the following string: 0xAF0745BC24BB7EFEF5193788F036C9C2

The incoming_fax_{DIGIT[10]}.exe file in the incoming_fax_2896106719.zip attachment has a file size of 125,440 bytes. The MD5 checksum is the following string: 0x81396414C0F14AFDA076FE6C1D4F0DAD

The ADP_INVOICE_#0{DIGIT[6]}_052413.exe file in the ADP_INVOICE_#0205646_052413.zip attachment has a file size of 121,344 bytes. The MD5 checksum is the following string: 0xF9182E5F13271CEFC2695BAA11926FAB

The wupos_digital_cert_{DIGIT[19]}.exe file in the wupos_digital_cert_1152344531108234009.zip attachment has a file size of 127,488 bytes. The MD5 checksum is the following string: 0x4F4C19F4B477C4A3E9E84ECBC2D253EB

The fax_message_{DIGIT[22]}.exe file in the fax_message_4590834859833614850483.zip attachment has a file size of 85,504 bytes. The MD5 checksum is the following string: 0x292EFFBB7ACB63243EA691006B70AAA3

The inv_#0{DIGIT[10]}_06212013.exe file in the inv_#09968498908_06212013.zip attachment has a file size of 82,944 bytes. The MD5 checksum is the following string: 0xF6EEF8B4B979A0B4EAE8F2D5E429C223

The ADDACS Advice Report #{DIGIT[8]}.exe file in the ADDACS Advice Report #98648288.zip attachment has a file size of 97,280 bytes. The MD5 checksum is the following string: 0x9260A55B41D60FB77F496E9293D5F1EC

The inc_wire_report_{DIGIT[9]}_07012013.exe file in the inc_wire_report_365229777_07012013.zip attachment has a file size of 130,048 bytes. The MD5 checksum is the following string: 0x688790C7A6FD331B730E61C673F3BDF1

The fax_id{DIGIT[19]}.exe file in the fax_id3966977355149237202.zip attachment has a file size of 123,904 bytes. The MD5 checksum is the following string: 0x6C869FA3D850A4B6D054E15EDC90AB8D

The Auto refund report {DIGIT[9]}.exe file in the Auto refund report 947397428.zip attachment has a file size of 117,248 bytes. The MD5 checksum is the following string: 0x6E748EEDA0C8EF7A36ED79CBE8C6682E

The case#9{DIGIT[14]}~9{DIGIT[12]}.exe file in the case#989290388298534~9593505644124.zip attachment has a file size of 113,152 bytes. The MD5 checksum is the following string: 0xCB16957C7C3D91AA684B1CB008E86986

The UPS Invoice {DIGIT[8]}.exe file in the UPS Invoice 41390141.zip attachment has a file size of 116,224 bytes. The MD5 checksum is the following string: 0x328D25DE0F02766C76927D9120A5532D

The ADDACS Advice Report #{DIGIT[6]}.exe file in the ADDACS Advice Report #483496.zip attachment has a file size of 117,248 bytes. The MD5 checksum is the following string: 0x272B03C4F83A662CA7A841FE51736329

The wupos_digital_cert_{DIGIT[9]}.exe file in the wupos_digital_cert_716867193.zip attachment has a file size of 130,560 bytes. The MD5 checksum is the following string: 0x6429931107F902D67850276064DE111B

The secure_message_08142013_{DIGIT[17]}.exe file in the secure_message_08142013_15075788893140908.zip attachment has a file size of 121,344 bytes. The MD5 checksum is the following string: 0xABAFB7DA0F23112064F6BC3A1F93DDF6

The fax01001{DIGIT[6]}.exe file in the fax01001444020.zip attachment has a file size of 121,344 bytes. The MD5 checksum is the following string: 0x545C1A410A986911BFC0B743C7657A0A

The report_{DIGIT[12]}.exe file in the report_265753681627.zip attachment has a file size of 119,296 bytes. The MD5 checksum is the following string: 0x6EBF2EA3DB16B3E912068D0A9E33320E

A variant of the UPS Invoice {DIGIT[8]}.exe file in the UPS Invoice 80501156.zip attachment has a file size of 115,712 bytes. The MD5 checksum is the following string: 0x7AF6CD41836D1B9FE7834C3C1CE61BED

The ACAS082913{DIGIT[8]}PARA{DIGIT[4]}.exe file in the ACAS08291305663417PARA9067.zip attachment has a file size of 31,232 bytes. The MD5 checksum is the following string: 0xF9A37404F1150C48AEC238BAC44977FC

The following text is a sample of the email message that is associated with this threat outbreak:

Subject: Your CashPro Online Digital Certificate

Message Body:

Dear CashPro Customer,
This email is being sent to inform you that you have been granted a new digital certificate for use with Bank of America CashPro® Online.
Please open the attachment and you will be guided through a simple process to install your new digital certificate.
If you have any questions or concerns, please contact the Bank of America technical help desk.
Thank you for your business,
Bank of America
CashPro Online Security Team
Please do not reply to this email .
©Copyright 2013 Bank of America Merrill Lynch. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.

Or

Subject: Corporate eFax message - 4 pages

Message Body:

Fax Message [Caller-ID: 627-420-2187]
You have received a 4 pages fax at 26-02-2013 14:47:11 .
View this fax using your PDF reader.
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
Home Contact Login
Powered by j2
2013 j2 Global Communications, Inc. All rights reserved.
eFax is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the eFax Customer Agreement.

Or

Subject: Subject: Corporate eFax message - 5 pages

Message Body:

Fax Message [Caller-ID: 949-399-2699]
You have received a 5 pages fax at 2013-02-26 10:04:10 EST.
View this fax using your PDF reader.
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions
regarding this message or your service.
Thank you for using the eFax service!
Home Contact Login
Powered by j2
2011 j2 Global Communications, Inc. All rights reserved.
eFax is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the eFax Customer Agreement.

Or

Subject: ACH Batch Download Notification - Batch ID#: 6002132

Message Body:

The following ACH batch has been submitted for processing.
Initiated By: keren_tf
Initiated Date & Time: Mon, 11 Mar 2013 10:06:00 -0500
Batch ID: 6002132
Batch Template Name: PAYROLL
Please view the attached file to review the transaction details

Or

Subject: ADP - FedEx Shipment Notification

Message Body:

Your payroll document(s) were shipped by ADP on 03/13/2013 via FedEx.
Please use the FedEx shipment tracking number(s) below to monitor the location of your payroll package(s).
You can access this information by simply clicking on your FedEx tracking number(s).
For more details , please download the attached file.
If you have any questions regarding this email you may contact me by using the information below.
Sincerely,
Trey_Ortiz
888/220-7406
Trey_Ortiz@adp.com

Or

Subject: IMPORTANT - A Key Change Has Been Posted

Message Body:

This email was sent because it contains important information about your account. Please note that if you have previously unsubscribed from Experian.com, you will no longer receive newsletters or special offers. However, you will continue to receive email notifications regarding your account. To ensure that you'll receive emails from us, please add support@exprpt.com to your address book.
Experian
Membership ID #006394477A Key Change Has Been Posted to One of Your Credit ReportsA key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian®, Equifax and TransUnion Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don't know how it will affect your credit, so we urge you to do the following:View detailed report by opening the attachment.
You will be prompted to open (view) the file or save (download) it to your computer.
For best results, save the file first, then open it in a Web browser.
Contact our Customer Care Center with any additional questions.Note: The attached file contains personal data.
Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.
*If it has been less than thirty days since you joined Experian.com, your monthly credit statement includes your information for the period of time you have been enrolled.
freecreditreport.com

Or

Message Body:

CashPro Customer,
This email is being sent to inform you that you have been granted a new digital certificate for use with Bank of America CashPro Online.Please open the attachment and you will be guided through a simple process to install your new digital certificate.If you have any questions or concerns, please contact the Bank of America technical help desk.Thank you for your business,Bank of AmericaCashPro Online Security TeamPlease do not reply to this email .Copyright 2013 Bank of America Merrill Lynch. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.

Or

Subject: IMPORTANT - A Key Change Has Been Posted

Message Body:

Membership ID #468894524A Key Change Has Been Posted to One of Your Credit ReportsA key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian®, Equifax. and TransUnion. Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don't know how it will affect your credit, so we urge you to do the following:View detailed report by opening the attachment.
You will be prompted to open (view) the file or save (download) it to your computer.
For best results, save the file first, then open it in a Web browser.
Contact our Customer Care Center with any additional questions.Note: The attached file contains personal data.
Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.
*If it has been less than thirty days since you joined Experian.com, your monthly credit statement includes your information for the period of time you have been enrolled.
freecreditreport.com

Or

Message Body:

Transaction ID: 892549506CS104Z1N
Our records indicate that you never responded to requests for additional information about this claim. We hope you review the attached file and solve the situation amicably.
For more details please see the attached file.
Sincerely,
Protection Services Department
PayPal does not tolerate fraud or illegal activities. Your compliant has been noted in the record of the PayPal user you reported. If we find this user has violated our policies, we will investigate and take appropriate action>
If this occurs, you may be contacted in the future about the status of this compliant.
To make sure future transactions proceed smoothly, we suggest you visit the PayPal site and click the Security Center link located at the top of any

Or

Subject: Outgoing Money Transfer

Message Body:

Fiserv Logo
Money Transfer Verification
An outgoing money transfer request has been received by=your financial institution. In order to complete the money transfer ple=se print and sign the attached form.To avoid delays or additional fees please be sure Benef=ciary Information including name, branch name, address, city, state, cou=try, and RTN or SWIFT BIC Code is correct. For international Wires be su=e you include the International Routing Code (IRC) and International Ban= Account Number (IBAN) for countries that require it.
Thank you,
Sue_Wall
Senior Officer
Cash Management Verification
Phone: 937-584-4335
Email: Sue_Wall@fiserv.com
CONFIDENTIALITY NOTICE: This electronic mail transmiss=on and any attached files contain information intended for the exclusive=use of the individual or entity to whom it is addressed and may contain =nformation belonging to the sender (Fiserv, Inc.) that is proprietary, p=ivileged, confidential and/or protected from disclosure under applicable=law. If you are not the intended recipient, you are hereby notified that=any viewing, copying, disclosure or distributions of this electronic mes=age are violations of federal law. Please notify the sender, by email or=telephone (800 722 3741), of any unintended recipients and delete the or=ginal message without making any copies.

Or

Subject: New Complaint : 0219164

Message Body:

Dun & Bradstreet has received the =bove-referenced complaint from one of your customers regarding their =ealings with you. The details of the consumer's concern are included on =he reverse. Please review this matter and advise us of your =osition.
In the interest of time and good customer =elations, please provide the DnB with written verification of your =osition in this matter by March 12, 2013. Your prompt =esponse will allow DnB to be of service to you and your customer in =eaching a mutually agreeable resolution. Please inform us if you have =ontacted your customer directly and already resolved this =atter.
The Dun & Bradstreet develops and maintains =eliability Reports on companies across the United States and Canada . =his information is available to the public and is frequently used by =otential customers. Your cooperation in responding to this complaint =ecomes a permanent part of your file with the Better Business Bureau. =strong>Failure to promptly give attention to this matter may be =eflected in the report we give to consumers about your =ompany.
We encourage you to print this =omplaint (attached file), answer the questions and respond to =s.
We look forward to your prompt attention to =his matter.

To ensure =elivery of Dun & Bradstreet Credibility Corp. emails to your inbox and =o enable images to load in future mailings, please add alerts@dandb.com to your email address book or =afe senders list.
Privacy and =nsubscribe Notice:?To unsubscribe or modify your email alert settings, please login =o your account, click "alerts", select "alert settings", and choose the =mail settings you wish to disable then click "save" to make the desired =hanges. Your privacy is important to us, please see our privacy policy. =o view our terms of service, please click here If you =ave any questions, email us at customerservice@DandB.com. Please do not reply to =his email.? 2012 Dun & Bradstreet Credibility Corp.?Dun & Bradstreet Credibility Corp. 103 JFK Parkway, Short Hills, =J 07078

Or

Subject: Your CashPro Online Digital Certificate

Message Body:

Dear CashPro Customer,
This email is being sent to inform you that you have been granted a new digital certificate for use with Bank of America CashPro Online.
Please open the attachment and you will be guided through a simple process to install your new digital certificate.
If you have any questions or concerns, please contact the Bank of America technical help desk.
Thank you for your business,
Bank of America
CashPro Online Security Team
Please do not reply to this email .
Copyright 2013 Bank of America Merrill Lynch. All rights reserved. CashPro is a registered trademark of Bank of America Corporation.

Or

Subject: Please respond - overdue payment

Message Body:

Please find attached your invoices for the past months. Remit the payment by 04/11/2013 as outlines under our "Payment Terms" agreement.
Thank you for your business,
Sincerely,
Isabel Bingham
This e-mail has been sent from an automated system. PLEASE DO NOT REPLY.
The information contained in this message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify your representative immediately and delete this message from your computer. Thank you.

Or

Subject: FW : Complaint - 8258423

Message Body:

=A0
New Complaint : 8258423
Dun & Bradstreet has received the above-refere=ced complaint from one of your customers regarding their dealings with y=u. The details of the consumer's concern are included on the reverse. Pl=ase review this matter and advise us of your position.
In the interest of time and good customer rela=ions, please provide the DnB with written verification of your position =n this matter by March 8, 2013. Your prompt response wi=l allow DnB to be of service to you and your customer in reaching a mutu=lly agreeable resolution. Please inform us if you have contacted your cu=tomer directly and already resolved this matter.
The Dun & Bradstreet develops and maintains Re=iability Reports on companies across the United States and Canada . This=information is available to the public and is frequently used by potenti=l customers. Your cooperation in responding to this complaint becomes a =ermanent part of your file with the Better Business Bureau. Fail=re to promptly give attention to this matter may be reflected in the rep=rt we give to consumers about your company.
We encourage you to print this complai=t (attached file), answer the questions and respond to us.
We look forward to your prompt attention to th=s matter.
To ensure delivery of Dun & Bradstre=t Credibility Corp. emails to your inbox and to enable images to load in=future mailings, please add alerts@dandb.com to your email ad=ress book or safe senders list.
Privacy and Unsubscribe Notice:
here If y=u have any questions, email us at mailto:customerservice@Dand=.com. Please do not reply to this email.
© 2012 Dun & Bradstreet Credibility Corp.
Dun & Bradstreet Credibility Corp. 103 JFK Parkway, Short Hills, NJ=07078

Or

Message Body:

We are writing you this email in regards to your PayPal account. In accordance with our "Terms and Conditions", article 3.2., we would like to kindly ask you to confirm your identity by completing the attached form.
Please print this form and fill in the requested information. Once you have filled out all the information on the form please send it to verification@paypal.com along with a personal identification document (identity card, driving license or international passport) and a proof of address submitted with our system ( bank account statement or utility bill )
Your case ID for this reason is PP-E5XB0XGHH7P5
For your protection, we might limit your account access. We apologize for any inconvenience this may cause.
Thanks,
PayPal
CONFIDENTIALITY NOTICE:
This electronic mail transmission and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information belonging to the sender (PayPal , Inc.) that is proprietary, privileged, confidential and/or protected from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distributions of this electronic message are violations of federal law. Please notify the sender of any unintended recipients and delete the original message without making any copies. Thank You
PayPal Email ID PP67216

Or

Subject: Thank you for scheduling a payment to Bill Me Later

Message Body:

BillMeLater
Log in here
Your Bill Me Later® statement is now available!
Dear Customer,
Thank you for making a payment online! We've received your
Bill Me Later® payment of $1843.54 and have applied it to your account.
For more details please check attached file
Summary: Your Bill Me Later Account Number Ending in: 0746
You Paid: $1843.54
Your Payment Date*: 04/03/2013
Your Payment Confirmation Number: 459432597798813984
Don't forget, Bill Me Later is the perfect way to shop when you want more time to pay for the stuff you need. Plus, you can always find great deals and discounts at over 1000 stores. Watch this short, fun video to learn more.
BillMeLater
*NOTE: If your payment date is Saturday, or a holiday, it will take an additional day for the payment to appear on your account. However, you will be credited for the payment as of the payment date.
Log in at PayPal.com to make a payment
Questions: Do not reply to this email. Please send all messages through the email form on our website. We are unable to respond to account inquiries sent in reply to this email. Bill Me Later is located at 9690 Deereco Rd, Suite 110, Timonium, MD 21093 Copyright 2012 Bill Me Later Inc.
Bill Me Later accounts are issued by WebBank, Salt Lake City Utah
P3D68LPP1

Or

Subject: ADP Payroll Invoice for week ending 05/10/2013

Message Body:

Your ADP Payroll invoice for last week is attached for your review. If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.
Thank you for choosing ADP Payroll.
Important: Please do not respond to this message. It comes from an unattended mailbox.

Or

Subject: Corporate eFax message - 5 pages

Message Body:

Fax Message [Caller-ID: 935-794-4376]
You have received a 5 pages fax at 05-20-2013 10:32:11 .
View this fax using your PDF Editor.
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
Home Contact Login
Powered by j2
2013 j2 Global Communications, Inc. All rights reserved.
eFax is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the eFax Customer Agreement.

Or

Subject: ADP Payroll Invoice for week ending 05/24/2013

Message Body:

Your ADP Payroll invoice for last week is attached for your review. If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.
Thank you for choosing ADP Payroll.
Important: Please do not respond to this message. It comes from an unattended mailbox.

Or

Subject: ADP Payroll INVOICE for week ending 06/21/2013

Message Body:

Your ADP Payroll invoice for last week is attached for your review. If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.
Thank you for choosing ADP Payroll.
Important: Please do not respond to this message. It comes from an unattended mailbox.

Or

Subject: You have received a secure message from Bank of America

Message Body:

You have received a secure message.
Read your secure message by opening the attachment. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.
If you have concerns about the validity of this message, please contact the sender directly.
First time users - will need to register after opening the attachment.
Help - https://securemail.bankofamerica.com/websafe/help?topic=Envelope

Or

Subject: New incoming fax

Message Body:

Dear Customer,
You have received a new fax.
Date/Time: 2013:08:15 13:12:59
Number of pages:4
Received from: 08457 404 404
Regards,
FAX

Or

Subject: CEO Portal Statements & Notices Event

Message Body:

Commercial Electronic Office (CEO) Portal Statements & Notices Event: Multiple Download Request Available
Your Deposit Adjustment Notices is now available. To access your information please download attached report and open Statements & Notices file.
Date/Time Stamp: Fri, 16 Aug 2013 06:27:13 -0800
Request Name: 4P9T5X5DQVEFMFQ
Event Message ID: S045-53650386
Please do not reply to this email.

Or

Message Body:

New invoice(s) are available for the consolidated payment plan(s) / account(s) enrolled in the UPS Billing Center. Download the attachment. Invoice will be automatically shown by double click.

Or

Subject: ACH Notification : ACH Process End of Day Report

Message Body:

Attached is a summary of Origination activity for 08/29/2013
If you need assistance please contact us via e-mail at paychexemail@paychex.com during regular business hours.
Thank you for your cooperation.


The malware associated with this threat outbreak appears to be a trojan that belongs to the PWS:Win32/Fareit.gen!E [Microsoft] family. This trojan could capture all user keystrokes, make modifications to the registry key, and create a new process in the system. Reports indicate that this trojan may attempt to contact arbitrary hosts on the Internet and may produce outbound traffic on port 8080.

Cisco Security Intelligence Operations analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.

Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.

Related Links
Cisco Security Intelligence Operations
Cisco SenderBase Security Network
 
Alert History
 
Version 39, August 30, 2013, 7:11 PM: Cisco Security Intelligence Operations has detected significant activity on August 26, 2013.

Version 38, August 16, 2013, 6:17 PM: Cisco Security Intelligence Operations has detected significant activity on August 16, 2013.

Version 37, August 15, 2013, 6:50 PM: Cisco Security Intelligence Operations has detected significant activity on August 15, 2013.

Version 36, August 14, 2013, 6:32 PM: Cisco Security Intelligence Operations has detected significant activity on August 14, 2013.

Version 35, July 22, 2013, 4:00 PM: Cisco Security Intelligence Operations has detected significant activity on July 22, 2013.

Version 34, July 15, 2013, 4:06 PM: Cisco Security Intelligence Operations has detected significant activity on July 15, 2013.

Version 33, July 15, 2013, 12:05 PM: Cisco Security Intelligence Operations has detected significant activity on July 12, 2013.

Version 32, July 12, 2013, 11:22 AM: Cisco Security Intelligence Operations has detected significant activity on July 11, 2013.

Version 31, July 11, 2013, 1:29 PM: Cisco Security Intelligence Operations has detected significant activity on July 11, 2013.

Version 30, July 5, 2013, 2:06 PM: Cisco Security Intelligence Operations has detected significant activity on July 3, 2013.

Version 29, July 2, 2013, 2:18 PM: Cisco Security Intelligence Operations has detected significant activity on July 1, 2013.

Version 28, June 28, 2013, 1:58 PM: Cisco Security Intelligence Operations has detected significant activity on June 28, 2013.

Version 27, June 24, 2013, 3:13 PM: Cisco Security Intelligence Operations has detected significant activity on June 24, 2013.

Version 26, June 17, 2013, 1:33 PM: Cisco Security Intelligence Operations has detected significant activity on June 14, 2013.

Version 25, May 28, 2013, 2:35 PM: Cisco Security Intelligence Operations has detected significant activity on May 28, 2013.

Version 24, May 24, 2013, 7:41 PM: Cisco Security Intelligence Operations has detected significant activity on May 24, 2013.

Version 23, May 20, 2013, 6:06 PM: Cisco Security Intelligence Operations has detected significant activity on May 20, 2013.

Version 22, May 13, 2013, 8:58 PM: Cisco Security Intelligence Operations has detected significant activity on May 13, 2013.

Version 21, April 29, 2013, 3:10 PM: Cisco Security Intelligence Operations has detected significant activity on April 29, 2013.

Version 20, April 26, 2013, 1:35 PM: Cisco Security Intelligence Operations has detected significant activity on April 26, 2013.

Version 19, April 25, 2013, 4:03 PM: Cisco Security Intelligence Operations has detected significant activity on April 25, 2013.

Version 18, April 22, 2013, 8:52 PM: Cisco Security Intelligence Operations has detected significant activity on April 22, 2013.

Version 17, April 18, 2013, 8:05 PM: Cisco Security Intelligence Operations has detected significant activity on April 18, 2013.

Version 16, April 15, 2013, 8:49 PM: Cisco Security Intelligence Operations has detected significant activity on April 15, 2013.

Version 15, April 11, 2013, 7:37 PM: Cisco Security Intelligence Operations has detected significant activity on April 11, 2013.

Version 14, April 9, 2013, 7:34 PM: Cisco Security Intelligence Operations has detected significant activity on April 9, 2013.

Version 13, April 8, 2013, 7:43 PM: Cisco Security Intelligence Operations has detected significant activity on April 8, 2013.

Version 12, April 4, 2013, 9:48 PM: Cisco Security Intelligence Operations has detected significant activity on April 4, 2013.

Version 11, April 3, 2013, 7:01 PM: Cisco Security Intelligence Operations has detected significant activity on April 3, 2013.

Version 10, March 21, 2013, 4:42 PM: Cisco Security Intelligence Operations has detected significant activity on March 21, 2013.

Version 9, March 18, 2013, 11:14 AM: Cisco Security Intelligence Operations has detected significant activity on March 15, 2013.

Version 8, March 15, 2013, 1:44 PM: Cisco Security Intelligence Operations has detected significant activity on March 14, 2013.

Version 7, March 14, 2013, 12:05 PM: Cisco Security Intelligence Operations has detected significant activity on March 14, 2013.

Version 6 March 13, 2013, 3:28 PM: Cisco Security Intelligence Operations has detected significant activity on March 13, 2013.

Version 5, March 11, 2013, 11:59 AM: Cisco Security Intelligence Operations has detected significant activity on March 11, 2013.

Version 4, March 1, 2013, 7:55 AM: Cisco Security Intelligence Operations has detected significant activity on February 28, 2013.

Version 3, February 26, 2013, 12:48 PM: Cisco Security Intelligence Operations has detected significant activity on February 26, 2013.

Version 2, February 21, 2013, 11:35 AM: Cisco Security Intelligence Operations has detected significant activity on February 20, 2013.

Version 1, February 20, 2013, 10:42 AM: Cisco Security Intelligence Operations has detected significant activity on February 20, 2013.


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
IntelliShieldThreat Outbreak Alert Original Release Base

Associated Products:
N/A




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield