Date: Thu, 13 Mar 2014 12:23:09 +0100 [07:23:09 EDT]
From: "Sky.com" [statement@sky.com]
Subject: Statement of account

Afternoon,
Please find attached the statement of account.
We look forward to receiving payment for the December invoice as this is now due for
payment.
Regards,
Carmela

This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.

Attached is an archive Statement.zip which in turn contains a malicious executable Statement.scr which has a VirusTotal detection rate of 6/50. Automated analysis tools [1] [2] [3] show attempted connections to the following domains and IPs:
188.247.130.190 (Prime Telecom SRL, Romania)
gobemall.com
gobehost.info
184.154.11.228 (Singlehop, US)
terenceteo.com
184.154.11.233 (Singlehop, US)
quarkspark.org
The two Singlehop IPs appear to belong to Host The Name (hostthename.com) which perhaps indicates a problem at that reseller.
Recommended blocklist:
184.154.11.228
184.154.11.233
188.247.130.190
gobemall.com
gobehost.info
terenceteo.com
quarkspark.org
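
The delivery pattern in this message (a zip attachment whose content is a .scr executable) can be flagged at the mail gateway before the user sees it. The following is an added example, not part of the original post; the function names, the extensions other than .scr, and the sample message built by `build_sample` are assumptions constructed for illustration.

```python
import email
import io
import os
import zipfile
from email.message import EmailMessage

# Extensions Windows runs directly. ".scr" is the case from this post;
# the rest of the set is an assumed policy list, adjust to local needs.
RISKY_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

def risky_zip_members(raw_bytes):
    """Return [(attachment, member)] for executable files inside zip attachments."""
    hits = []
    for part in email.message_from_bytes(raw_bytes).walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        # Trust the zip magic bytes, not the declared filename or MIME type.
        if not payload or not payload.startswith(b"PK\x03\x04"):
            continue
        name = part.get_filename() or "<unnamed>"
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    # Trailing dots/spaces are ignored by Windows, so strip them first.
                    ext = os.path.splitext(member.rstrip(" ."))[1].lower()
                    if ext in RISKY_EXTS:
                        hits.append((name, member))
        except zipfile.BadZipFile:
            hits.append((name, "<unreadable zip>"))  # malformed archive: treat as suspect
    return hits

def build_sample(member_name):
    """Constructed test message: zip attachment with one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Statement of account"
    msg.set_content("Please find attached the statement of account.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Statement.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for member in ("Statement.scr", "Statement.pdf"):
        print(member, "->", risky_zip_members(build_sample(member)))
```

Because the check reads the archive's member names rather than the attachment name, it also catches double extensions such as `Statement.pdf.scr`.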