Threat Outbreak Alert: Fake Malware Detection E-mail Messages on February 11, 2011

Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to notify the recipient about malicious software. The message instructs the recipient to open an attached .zip file to view the notification. However, the attachment actually contains a malicious .exe file that, if executed, could infect the user’s system with malicious code.

E-mail messages that are related to this threat (RuleID3199) may contain the following files:

La_respuesta.zip
La_respuesta.Pdf_____.exe

The La_respuesta.Pdf_____.exe file has a file size of 146,944 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x0865E09F754462B594660C6BF271AC33

The following text is a sample of the e-mail message that is associated with this threat outbreak:

Subject: Message copied from system quarantine

Message Body:

The attached message was forwarded from an IronPort system quarantine,
and may contain a virus, spam, or other prohibited content.
Buenos dias, jgarrido.

La respuesta a su conuslta de un perfil en nuestra paigna web al 16.12.2010.
Estadisticas incluidas en el archivo, sera un plcaer colaborar en el futuro.

ID: l1BSLp

Best regards,
Empresa Consulta INC.

http://tools.cisco.com/security/center/viewAlert.x?alertId=22452
