Cisco Security has detected significant activity related to spam email messages that claim to contain a monetary inheritance notification for the recipient. The text in the email message attempts to convince the recipient to open the attachment for details. However, the .rar
attachment contains a malicious .exe
file that, when executed, attempts to infect the system with malicious code.
Email messages that are related to this threat (RuleID7715) may contain the following files:
file in the TT SLIP.rar
attachment has a file size of 1,171,058 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x3CBCD603E58B099069F816682C16E67B
The following text is a sample of the email message that is associated with this threat outbreak:
This message is about a multi million pound inheritance you may be due.
We know it may come to you as a shock, however we write in relation to your relative Mr. Kelvin Haylen, who died on 22nd of August 2006 when a Russian plane he was traveling on crashed in Ukraine.
Since you may not know him personally, he was until his death a director of oil company and amassed a huge fortune that has remained unclaimed since his death.
It's been difficult finding a relative of late Mr. Haylen as he was an only child and never married. If you are interested in collecting your inheritance, get back to me promptly so we can start the paper work of transferring his estate to you promptly.
The transfer process should take just a matter of days as we have already started the probate process.
Please accept our sympathy at your loss as we hope to work with you to transfer the estate to you as quickly as possible.
Note that our services does not cost you a cent upfront as we are paid 10% of the estate we help you recover at the end of the service.
We await your response.
Mr. Tom Galand
Bentley Genealogical Investigators
Message ID: 666725
Click here to unsubscribe your email
Cisco Security analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.
Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.
Cisco SenderBase Security Network