Date: Thu, 23 Jan 2014 12:45:11 +0000 [07:45:11 EST]Attached is a file business-info.zip which in turn contains a malicious executable business-info.exe with a VirusTotal detection rate of 16/49.
From: Webster Bank [WebsterWeb-LinkNotifications@WebsterBank.com]
Subject: Legal Business Proposal
Hello, I'm Norman Chan Tak-Lam, S.B.S., J.P, Chief Executive, Hong Kong Monetary Authority (HKMA).
I have a Business worth $47.1M USD for you to handle with me.
Detailed scheme of business can be seen in the attached file.
Automated analysis tools    show attempted connections to dallasautoinsurance1.com on 126.96.36.199 and wiwab.com on 188.8.131.52. Both those IPs are Cogent Communications ones that appear to be rented out to a small web hosting firm called HostTheName.com. For information only, that host has these other IPs in the same range: