2012-10-29

Description

Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an account statement document from Ameriprise Financial for the recipient. The text in the e-mail message attempts to persuade the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.

E-mail messages that are related to this threat (RuleID4741) may contain the following files:
PDF-Ameriprise-Financial-9209D1CE6A8.zip
account_statement_user_id_FF34888177388500-193885FEC4558882994AECF45586994002F567999203AE4556869930CF3485688503.pdf.exe.exe
The account_statement_user_id_FF34888177388500-193885FEC4558882994AECF45586994002F567999203AE4556869930CF3485688503.pdf.exe.exe file in the PDF-Ameriprise-Financial-9209D1CE6A8.zip attachment has a file size of 169,984 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x841B0EB462C444DC2A6FAB52FF5A3E36
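As an added example (not part of the Cisco advisory), the following Python code shows how a mail-triage script could flag a .zip attachment like the one described above: it checks each archive member for an executable extension hidden behind a document extension, for a PE header, and for the MD5 checksum given in the advisory. The extension lists, the size limit, the function names and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# MD5 from the advisory, without the 0x prefix.
ADVISORY_MD5 = {"841b0eb462c444dc2a6fab52ff5a3e36"}
EXEC_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}    # assumed list
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg"}  # assumed list
MAX_MEMBER = 20 * 1024 * 1024  # skip hashing oversized members (assumed limit)


def inspect_zip(data, known_md5=ADVISORY_MD5):
    """Map each suspicious archive member name to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = info.filename.rsplit("/", 1)[-1].lower().split(".")[1:]
            reasons = []
            # Executable final extension hidden behind a document extension.
            if exts and exts[-1] in EXEC_EXT and DECOY_EXT & set(exts[:-1]):
                reasons.append("decoy-extension")
            if info.file_size <= MAX_MEMBER:
                body = zf.read(info)
                if body[:2] == b"MZ":  # DOS/PE header magic
                    reasons.append("pe-header")
                if hashlib.md5(body).hexdigest() in known_md5:
                    reasons.append("known-md5")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed attachment: harmless bytes under an advisory-style name."""
    payload = b"MZ" + b"\x00" * 62  # constructed, not the real sample
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("account_statement_user_id_TEST.pdf.exe.exe", payload)
        zf.writestr("notes.txt", b"constructed benign member")
    return buf.getvalue(), payload


if __name__ == "__main__":
    sample, _ = build_sample()
    for name, reasons in inspect_zip(sample).items():
        print(name, reasons)
```

The constructed payload does not hash to the advisory's MD5, so only the filename and header checks fire on it; a member matching the published checksum would also be tagged `known-md5`.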

The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: A new account statement is available

Message Body:

Document for your review View in your browser | View on your mobile device
Ameriprise Financial(R) MORE WITHIN REACH(tm)
Ameriprise.com Retirement & Life Events Research & Market Insights My Accounts
Review your document
A new account statement is available for you to review.
To view your document:
Download attached document
Open with Windows Explorer
If you have questions about online document delivery, please call customer service at 800.862.7919.
Thank you for choosing Ameriprise Financial.
New tools and resources on ameriprise.com
We've upgraded the secure site on ameriprise.com to provide new ways to work with your Ameriprise financial advisor. Visit ameriprise.com/features to learn more about our new site features.
At Ameriprise Financial, keeping your financial information secure is extremely important to us. Ameriprise will never ask for any account or personal information in an email. To help protect your security, never click on links from unknown senders. If you have any questions regarding data security, please enter ameriprise.com/security into your browser.
This email was sent to you by Ameriprise Financial Customer Service to provide important information about products and/or services for which you are registered. You may receive customer service emails even if you have requested not to receive email marketing offers from Ameriprise Financial.
Ameriprise Financial Privacy & Security Resources
Customer Service | Privacy | Fraud Instructions
Ameriprise Financial
70100 Ameriprise Financial Center | Minneapolis, MN 55474
Brokerage, investment and financial advisory services are made available through Ameriprise Financial Services, Inc., Member FINRA and SIPC. Some products and services may not be available in all jurisdictions or to all clients.
© 2012 Ameriprise Financial, Inc. All rights reserved.

Source: Cisco
