Date: Thu, 13 Mar 2014 12:23:09 +0100 [07:23:09 EDT]Attached is an archive Statement.zip which in turn contains a malicious executable Statement.scr which has a VirusTotal detection rate of 6/50. Automated analysis tools    show attempted connections to the following domains and IPs:
From: "Sky.com" [firstname.lastname@example.org]
Subject: Statement of account
Please find attached the statement of account.
We look forward to receiving payment for the December invoice as this is now due for
This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.
184.108.40.206 (Prime Telecom SRL, Romania)
220.127.116.11 (Singlehop, US)
18.104.22.168 (Singlehop, US)
The two Singlehop IPs appear to belong to Host The Name (hostthename.com) which perhaps indicates a problem at that reseller.