
Threat Outbreak Alert: Fake Customer Complaint Attachment Email Messages on December 3, 2013

 
Threat Type: IntelliShield: Threat Outbreak Alert
IntelliShield ID: 29685
Version: 14
First Published: 2013 June 18 14:32 GMT
Last Published: 2013 December 04 16:18 GMT
Port: Not available
Urgency: Possible use
Credibility: Confirmed
Severity: Mild Damage

Version Summary: Cisco Security Intelligence Operations has detected significant activity on December 3, 2013.
 

Description
 
Cisco Security Intelligence Operations has detected significant activity related to spam email messages that claim to contain a customer complaint notification from Dun & Bradstreet for the recipient. The text in the email message attempts to convince the recipient to open the attachment and view the details. However, the attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.

Email messages that are related to this threat (RuleID6299, 6299KVR_1KVR and RuleID6299KVR) may contain the following files:

The Case_06172016DNB.exe file in the Case_3478350.zip attachment has a file size of 115,712 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x9C862AF9A540563488CDC1C61B9EF5F8

The Case_06252013.exe file in the Case_6244875.zip attachment has a file size of 116,736 bytes. The MD5 checksum is the following string: 0xEFE1198E38A787F0A08DEC9384F5D49B

The Case_06272013.exe file in the Case_VU397NX4BMCV6FE.zip attachment has a file size of 120,832 bytes. The MD5 checksum is the following string: 0xF317D215A672A209CBDCBA452E5E84D8

The Case_07162013.exe file in the Case_1076812.zip attachment has a file size of 128,512 bytes. The MD5 checksum is the following string: 0x83F4A31A566A2D27E77D4B4F51F43102

The PP_Case_07182013.exe file in the Case_5054492.zip attachment has a file size of 128,512 bytes. The MD5 checksum is the following string: 0xCAC41700C740C6F0A78D0F525C6F47DD

The Case_30072013.exe file in the Aaaa_0000000.zip attachment has a file size of 124,416 bytes. The MD5 checksum is the following string: 0x4446064F3BA03C4F64931E87EB83F252

The Case_07082013.exe file in the Case_9414515.zip attachment has a file size of 121,856 bytes. The MD5 checksum is the following string: 0x21626C92125C1B1D5FAFD24EB200B57F

The Case_0938818_2818.exe file in the Case_1Y1B5ZBH97IEJ7K.zip attachment has a file size of 24,064 bytes. The MD5 checksum is the following string: 0x741D3D8A4A524618FD52CB7DE6EF2575

The Case_09182013.exe file in the Case_SLZ5QVZ8YA3ZS72.zip attachment has a file size of 24,064 bytes. The MD5 checksum is the following string: 0x3765591DC066C9BCB4BA755556BE9003

The Case_09232013.exe file in the Case_3696788.zip attachment has a file size of 24,576 bytes. The MD5 checksum is the following string: 0xB162D3FEBF509039DE05CD2F79DC9C77

The Case_09232013.exe file in the Case_0329825.zip attachment has a file size of 25,088 bytes. The MD5 checksum is the following string: 0xDB67FE09D2D6854ACC8583C644A816F4

The Case_10152013.exe file in the Case_RNC44XNGI1H0EEN.zip attachment has a file size of 24,576 bytes. The MD5 checksum is the following string: 0x30A15A50FC38D7277752D14EFF7DEB5F

The Case_11052013.exe file in the Case_4662300.zip attachment has a file size of 25,600 bytes. The MD5 checksum is the following string: 0xF84D8EEFCAF542C19F8A7189783CFD46

The Case.exe file in the Case_2901504.zip attachment has a file size of 22,016 bytes. The MD5 checksum is the following string: 0x157BBC283245BBE5AB2947C446857FC9

A variant of the Case.exe file in the Case_1003036.zip attachment has a file size of 6,896 bytes. The MD5 checksum is the following string: 0x7DC5BF7F5F3EAF118C7A6DE6AF921017
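
The check below is an added example, not part of the Cisco alert: it opens each ZIP attachment of a message, flags any .exe member, and compares the member name and MD5 against values quoted in this alert. The filename pattern, the 5 MB read limit, the names scan_message and build_sample, and the sample message are assumptions constructed for illustration.

```python
import email
import hashlib
import io
import re
import zipfile
from email.message import EmailMessage

# Two MD5 values quoted in this alert (0x prefix dropped); add the others the same way.
ADVISORY_MD5 = {
    "9c862af9a540563488cdc1c61b9ef5f8",  # Case_06172016DNB.exe, 115,712 bytes
    "157bbc283245bbe5ab2947c446857fc9",  # Case.exe, 22,016 bytes
}
# Assumed pattern covering the member names in the alert (Case*.exe, PP_Case_*.exe).
NAME_RE = re.compile(r"^(PP_)?Case(_[A-Za-z0-9_]+)?\.exe$", re.IGNORECASE)


def scan_message(raw_bytes, known_md5=ADVISORY_MD5):
    """Return one finding per .exe member found inside a ZIP attachment."""
    msg = email.message_from_bytes(raw_bytes)
    findings = []
    for part in msg.walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                base = info.filename.rsplit("/", 1)[-1]
                if not base.lower().endswith(".exe"):
                    continue
                digest = None  # stays None for oversized or encrypted members
                if info.file_size <= 5 * 1024 * 1024 and not info.flag_bits & 0x1:
                    digest = hashlib.md5(zf.read(info)).hexdigest()
                findings.append({
                    "attachment": part.get_filename() or "",
                    "member": base,
                    "size": info.file_size,
                    "md5": digest,
                    "name_match": bool(NAME_RE.match(base)),
                    "hash_match": digest in known_md5,
                })
    return findings


def build_sample():
    """Constructed message: harmless bytes in a ZIP named like the alert's attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Case_06252013.exe", b"harmless placeholder, not an executable")
        zf.writestr("readme.txt", b"constructed sample")
    msg = EmailMessage()
    msg["Subject"] = "FW : Complaint - 6244875"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Case_6244875.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A name match without a hash match is still worth quarantining: the alert lists a different MD5 for every wave, so the executable-inside-ZIP structure is the more durable signal.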

The following text is a sample of the email message that is associated with this threat outbreak:

Subject: Complaint - 3478350

Message Body:

Dun & BradStreet
New Inquiry
New Complaint : 3478350
Dun & Bradstreet has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer's concern are included on the reverse. Please review this matter and advise us of your position.
In the interest of time and good customer relations, please provide the DnB with written verification of your position in this matter by June 28, 2013. Your prompt response will allow DnB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.
The Dun & Bradstreet develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.
We encourage you to print this complaint (attached file), answer the questions and respond to us.
We look forward to your prompt attention to this matter.
To ensure delivery of Dun & Bradstreet Credibility Corp. emails to your inbox and to enable images to load in future mailings, please add alerts@dandb.com to your email address book or safe senders list.
Privacy and Unsubscribe Notice:
To unsubscribe or modify your email alert settings, please login to your account, click "alerts", select "alert settings", and choose the email settings you wish to disable then click "save" to make the desired changes. Your privacy is important to us, please see our privacy policy. To view our terms of service, please click here If you have any questions, email us at customerservice@DandB.com. Please do not reply to this email.

Or

Subject: FW : Complaint - 6244875

Message Body:

Dun & BradStreet
New Inquiry
New Complaint : 6244875
Dun & Bradstreet has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer's concern are included on the reverse. Please review this matter and advise us of your position.
In the interest of time and good customer relations, please provide the DnB with written verification of your position in this matter by June 28, 2013. Your prompt response will allow DnB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.
The Dun & Bradstreet develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.
We encourage you to print this complaint (attached file), answer the questions and respond to us.
We look forward to your prompt attention to this matter.
To ensure delivery of Dun & Bradstreet Credibility Corp. emails to your inbox and to enable images to load in future mailings, please add alerts@dandb.com to your email address book or safe senders list.
Privacy and Unsubscribe Notice:
To unsubscribe or modify your email alert settings, please login to your account, click "alerts", select "alert settings", and choose the email settings you wish to disable then click "save" to make the desired changes. Your privacy is important to us, please see our privacy policy. To view our terms of service, please click here If you have any questions, email us at customerservice@DandBcom. Please do not reply to this email.
© 2012 Dun & Bradstreet Credibility Corp.
Dun & Bradstreet Credibility Corp. 103 JFK Parkway, Short Hills, NJ 07078

Or

Subject: FW: Complaint Case VU397NX4BMCV6FE

Message Body:

VU397NX4BMCV6FE
The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer's concern are included on the reverse. Please review this matter and advise us of your position.
As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct.
In the interest of time and good customer relations, please provide the BBB with written verification of your position in this matter by June 30, 2013. Your prompt response will allow BBB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.
The Better Business Bureau develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.
We encourage you to print this complaint (attached file), answer the questions and respond to us.
We look forward to your prompt attention to this matter.
Sincerely,
BBB Serving Metropolitan New York, Long Island and the Mid-Hudson Region

Or

Subject: FW : DNB Complaint - 9414515

Message Body:

New Complaint : 9414515
Dun & Bradstreet has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer's concern are included on the reverse. Please review this matter and advise us of your position.
In the interest of time and good customer relations, please provide the DnB with written verification of your position in this matter by August 10, 2013. Your prompt response will allow DnB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.
The Dun & Bradstreet develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Dun and BradStreet. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.
We encourage you to print this complaint (attached file), answer the questions and respond to us.
We look forward to your prompt attention to this matter.
To ensure delivery of Dun & Bradstreet Credibility Corp. emails to your inbox and to enable images to load in future mailings, please add alerts@dandb.com to your email address book or safe senders list.
Privacy and Unsubscribe Notice:
To unsubscribe or modify your email alert settings, please login to your account, click "alerts", select "alert settings", and choose the email settings you wish to disable then click "save" to make the desired changes. Your privacy is important to us, please see our privacy policy. To view our terms of service, please click here If you have any questions, email us at customerservice@DandB.com. Please do not reply to this email.
2013 Dun & Bradstreet Credibility Corp.
Dun & Bradstreet Credibility Corp. 103 JFK Parkway, Short Hills, NJ 07078

Or

Subject: FW: Case 1Y1B5ZBH97IEJ7K

Message Body:

The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer's concern are included on the reverse. Please review this matter and advise us of your position.
As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct.
In the interest of time and good customer relations, please provide the BBB with written verification of your position in this matter by September 13, 2013. Your prompt response will allow BBB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.
The Better Business Bureau develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.
We encourage you to print this complaint (attached file - Case_1Y1B5ZBH97IEJ7K), answer the questions and respond to us.
We look forward to your prompt attention to this matter.
Sincerely,
Angelica_Burks
Council of Better Business Bureaus
3033 Wilson Blvd, Suite 600
Arlington, VA 22201

Or

Message Body:

Transaction ID: 8259893530JGHV9S4
Our records indicate that you never responded to requests for additional
information about this claim. We hope you review the attached file and solve the situation amicably.
For more details please see the attached file (Case_2901504.zip)
Sincerely,
Protection Services Department
PayPal does not tolerate fraud or illegal activities. Your complaint has
been noted in the record of the PayPal user you reported. If we find this
user has violated our policies, we will investigate and take appropriate
action. If this occurs, you may be contacted in the future about the status
of this complaint.
To make sure future transactions proceed smoothly, we suggest you visit the
PayPal site and click the Security Center link located at the top of any
page. There you will find tips on how to avoid fraudulent sellers in the
"Fraud Prevention Tips for Buyers" section.
Please do not reply to this email. This mailbox is not monitored and you
will not receive a response. For assistance, log in to your PayPal account
and click the Help link in the top right corner of any PayPal page.
Copyright © 1999-2013 PayPal. All rights reserved.
PPID PP883

Cisco Security Intelligence Operations analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.

Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.

 
Alert History
 
Version 13, November 19, 2013, 1:09 PM: Cisco Security Intelligence Operations has detected significant activity on November 18, 2013.

Version 12, November 6, 2013, 4:54 PM: Cisco Security Intelligence Operations has detected significant activity on November 5, 2013.

Version 11, October 15, 2013, 1:53 PM: Cisco Security Intelligence Operations has detected significant activity on October 15, 2013.

Version 10, September 24, 2013, 12:35 PM: Cisco Security Intelligence Operations has detected significant activity on September 23, 2013.

Version 9, September 18, 2013, 2:24 PM: Cisco Security Intelligence Operations has detected significant activity on September 18, 2013.

Version 8, September 10, 2013, 2:42 PM: Cisco Security Intelligence Operations has detected significant activity on September 10, 2013.

Version 7, August 7, 2013, 8:14 PM: Cisco Security Intelligence Operations has detected significant activity on August 7, 2013.

Version 6, July 31, 2013, 1:43 PM: Cisco Security Intelligence Operations has detected significant activity on July 30, 2013.

Version 5, July 18, 2013, 2:21 PM: Cisco Security Intelligence Operations has detected significant activity on July 18, 2013.

Version 4, July 16, 2013, 7:52 PM: Cisco Security Intelligence Operations has detected significant activity on July 16, 2013.

Version 3, June 27, 2013, 4:45 PM: Cisco Security Intelligence Operations has detected significant activity on June 27, 2013.

Version 2, June 25, 2013, 4:15 PM: Cisco Security Intelligence Operations has detected significant activity on June 25, 2013.

Version 1, June 18, 2013, 2:32 PM: Cisco Security Intelligence Operations has detected significant activity on June 17, 2013.


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
IntelliShield Threat Outbreak Alert Original Release Base

Associated Products:
N/A



