Date: Wed, 4 Dec 2013 08:24:02 -0500 [08:24:02 EST]Attached is a file FMS-Case-CWK8SSU4K6CN852.zip which in turn contains a malicious executable FMS-Case.exe which has a VirusTotal detection rate of 7/49. Automated analysis tools   show an attempted connection to worldofchamps.com on 220.127.116.11 (Websitewelcome, US) and a download from [donotclick]deshapran.com/img/deshp.exe on 18.104.22.168 (Pioneer eLabs, India). This second part has a VirusTotal detection rate of 6/47, although automated analysis tools are inconclusive. I recommend blocking both those domains.
From: "email@example.com" [firstname.lastname@example.org]
Subject: Department of Treasury Notice of Outstanding Obligation - Case CWK8SSU4K6CN852
Important please review and sign the attached document!
We have received notification from the Department of the Treasury,
Financial Management Service (FMS) that you have an outstanding
obligation with the Federal Government that requires your immediate
In order to ensure this condition does not affect any planned
contract or grant activity, please review and sign the attached document and if
you are unable to understand the attached document please call FMS at 1-800-304-3107
to address this issue. Please make sure the person making the telephone call has the
Taxpayer Identification Number available AND has the authority/knowledge
to discuss the debt for the contractor/grantee.
Questions should be directed to the Federal Service Desk at:
Phone : 1-866-606-6762
Int. Phone 1-344-206-6275 for international calls
For DSN, dial 809-463-9774. Wait for a dial tone, and then dial 866-606-4580.