Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a payment order for the recipient. The text in the e-mail message instructs the recipient to open the attached file to view the invoice details. However, the attachment is a malicious .html file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID2987) may contain the following file: 33907_inv.html
The 33907_inv.html file has an approximate file size of 5,960 bytes. The MD5 checksum, which is a unique identifier of the executable, is unavailable.
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: fire breathing tuition invoice
Message Body:
Here is PO for Luna s driver
http://tools.cisco.com/security/center/viewAlert.x?alertId=21420