Date: Thu, 23 Jan 2014 12:45:11 +0000 [07:45:11 EST]Attached is a file business-info.zip which in turn contains a malicious executable business-info.exe with a VirusTotal detection rate of 16/49.
From: Webster Bank [WebsterWeb-LinkNotifications@WebsterBank.com]
Subject: Legal Business Proposal
Hello, I'm Norman Chan Tak-Lam, S.B.S., J.P, Chief Executive, Hong Kong Monetary Authority (HKMA).
I have a Business worth $47.1M USD for you to handle with me.
Detailed scheme of business can be seen in the attached file.
Automated analysis tools    show attempted connections to dallasautoinsurance1.com on 18.104.22.168 and wiwab.com on 22.214.171.124. Both those IPs are Cogent Communications ones that appear to be rented out to a small web hosting firm called HostTheName.com. For information only, that host has these other IPs in the same range: