Threat Outbreak Alert: Fake Monetary Inheritance Notification Email Messages on November 4, 2013
IntelliShield: Threat Outbreak Alert
2013 November 04 20:39 GMT
2013 November 04 20:39 GMT
Cisco Security has detected significant activity on November 4, 2013.
Cisco Security has detected significant activity related to spam email messages that claim to contain a monetary inheritance notification for the recipient. The text in the email message attempts to convince the recipient to open the attachment for details. However, the .rar attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
Email messages that are related to this threat (RuleID7715) may contain the following files:
TT SLIP.rar products.exe
The products.exe file in the TT SLIP.rar attachment has a file size of 1,171,058 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x3CBCD603E58B099069F816682C16E67B
The following text is a sample of the email message that is associated with this threat outbreak:
This message is about a multi million pound inheritance you may be due.
We know it may come to you as a shock, however we write in relation to your relative Mr. Kelvin Haylen, who died on 22nd of August 2006 when a Russian plane he was traveling on crashed in Ukraine.
Since you may not know him personally, he was until his death a director of oil company and amassed a huge fortune that has remained unclaimed since his death.
It's been difficult finding a relative of late Mr. Haylen as he was an only child and never married. If you are interested in collecting your inheritance, get back to me promptly so we can start the paper work of transferring his estate to you promptly.
The transfer process should take just a matter of days as we have already started the probate process.
Please accept our sympathy at your loss as we hope to work with you to transfer the estate to you as quickly as possible.
Note that our services does not cost you a cent upfront as we are paid 10% of the estate we help you recover at the end of the service.
We await your response.
Mr. Tom Galand
Bentley Genealogical Investigators
Message ID: 666725
Click here to unsubscribe your email
Cisco Security analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.
Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.
The security vulnerability applies to the following combinations of products.
Threat Outbreak Alert
Original Release Base
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.