Date: Mon, 16 Sep 2013 09:26:51 -0500 [10:26:51 EDT]Attached is a ZIP file called WellsFargo - Important Documents.zip which in turn contains a malicious executable WellsFargo - Important Documents.exe which has a very low VirusTotal rate of 2/47.
Subject: IMPORTANT Documents - WellsFargo
Please review attached documents.
Wells Fargo Advisors
817-593-0721 cell Harrison_Walsh@wellsfargo.com
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE
Wells Fargo Advisors, LLC is a nonbank affiliate of Wells Fargo & Company, Member
FINRA/SIPC. 1 North Jefferson, St. Louis, MO 63103
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are
confidential and are intended solely for the use of the person or entity to whom the
message was addressed. If you are not the intended recipient of this message, please be
advised that any dissemination, distribution, or use of the contents of this message is
strictly prohibited. If you received this message in error, please notify the sender.
Please also permanently delete all copies of the original message and any attached
documentation. Thank you.
Automated analysis tools    detect network traffic to [donotclick]www.c3dsolutions.com hosted on 188.8.131.52 (5Nines LLC, US). At present I do not have any evidence of further malware sites on that server.