Fake PayPal Transaction E-mail Messages on December 29, 2010

Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to inform the recipient about a PayPal transaction. The text in the e-mail message instructs the recipient to follow a link to view the transaction details. However, the link directs the user to a malicious .exe file that, when executed, attempts to infect the recipient’s system with malicious code.

E-mail messages that are related to this threat (RuleID2969KVR) may contain the following files: facture_pdf.exe

The facture_pdf.exe file has a file size of 180,224 bytes. The MD5 checksum of the executable, which identifies this specific sample, is the following string: 0xA776214EA8683B87DECAEF0692E5416A

The following text is a sample of the e-mail message that is associated with this threat outbreak:

Subject: You sent a payment 60$ on Ebay, inc

Message Body:

You sent a payment 60$ on Ebay, inc
This charge will appear on your credit card statement as payment to Paypal Ebay
Can you confirm this payment
If payment was not made by you pleaseimmediately take the following measures:

Login to your account by clicking on the link below
Provide requested information to ensure you are the account owner
Find this transaction in the history and click on "cancel the transaction

Read this transaction
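
As an added triage example (not part of the Cisco advisory), the Python below flags links in an HTML message body that point to .exe files and checks a file on disk against the size and MD5 given above. The sample body, the `mail.example` host and the `DOC_TOKENS` list are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import unquote, urlparse

# Indicators from the advisory (MD5 written without the 0x prefix, lowercased).
IOC_NAME = "facture_pdf.exe"
IOC_SIZE = 180_224
IOC_MD5 = "a776214ea8683b87decaef0692e5416a"
DOC_TOKENS = {"pdf", "doc", "xls"}  # assumption: document types a lure may imitate

# Constructed sample body; the host is a placeholder, not an observed URL.
SAMPLE_BODY = ('<p>Can you confirm this payment</p>'
               '<a href="http://mail.example/dl/facture_pdf.exe">Read this transaction</a>'
               '<a href="https://mail.example/help">Help</a>')

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def executable_links(html_body):
    """Return (url, reason) for each link whose target file name ends in .exe."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for url in collector.links:
        name = unquote(urlparse(url).path).rsplit("/", 1)[-1].lower()
        if not name.endswith(".exe"):
            continue
        tokens = set(name[:-4].replace(".", "_").replace("-", "_").split("_"))
        reason = ("file name from advisory" if name == IOC_NAME
                  else "executable named like a document" if tokens & DOC_TOKENS
                  else "link to executable")
        findings.append((url, reason))
    return findings

def matches_advisory_sample(path):
    """True only if the file has both the advisory's size and its MD5."""
    p = Path(path)
    if not p.is_file() or p.stat().st_size != IOC_SIZE:
        return False  # cheap size check avoids hashing unrelated files
    return hashlib.md5(p.read_bytes()).hexdigest() == IOC_MD5
```

A file name or size match alone is only a lead; `matches_advisory_sample` reports a hit only when the MD5 also agrees.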
