Sponsored by..

Thursday, 13 March 2014

Sky.com "Statement of account" spam

This fake Sky.com email comes with a malicious attachment:

Date:      Thu, 13 Mar 2014 12:23:09 +0100 [07:23:09 EDT]
From:      "Sky.com" [statement@sky.com]
Subject:      Statement of account


Please find attached the statement of account.

We look forward to receiving payment for the December invoice as this is now due for


This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.
Attached is an archive Statement.zip which in turn contains a malicious executable Statement.scr which has a VirusTotal detection rate of 6/50. Automated analysis tools [1] [2] [3] show attempted connections to the following domains and IPs: (Prime Telecom SRL, Romania)
gobehost.info (Singlehop, US)
terenceteo.com (Singlehop, US)

The two Singlehop IPs appear to belong to Host The Name (hostthename.com) which perhaps indicates a problem at that reseller.

Recommended blocklist:

No comments: