From: Ebilling [Ebilling@westlothian.gov.uk]
Date: 3 September 2014 09:20
Subject: NDR Bill
Please find attached your Non Domestic Rates bill.
If your account is in credit you are due a refund unless you have any other debt due to the Council.
To allow your credit to be processed please confirm:
- If you want the credit transferred to another account you have with us. Please confirm the account details.
- If you want the credit refunded by cheque, please confirm who it should be sent to and the address.
Links to Non Domestic Rates information are detailed below.
If you access these links using a mobile phone the network provider may charge for this service.
* PDF Viewer required.
This message, together with any attachments, is sent subject to the
1. It is sent in confidence for the addressee only. It may
contain legally privileged information. The contents are
not to be disclosed to anyone other than the addressee.
Unauthorised recipients are requested to preserve this
confidentiality and to advise the sender immediately.
2. It does not constitute a representation which is legally
binding on the Council or which is capable of constituting
a contract and may not be founded upon in any proceedings
following hereon unless specifically indicated otherwise.
Attached is a file 00056468.pdf.zip which contains a malicious executable D0110109.PDF.exe (which has an icon to make it look like a PDF file). This has a low detection rate at VirusTotal of 4/55.
The Comodo CAMAS report shows that it downloads an additional component from the following locations:
This second component has a VT detection rate of just 3/55. The Anubis report shows an attempted phone home to 126.96.36.199 (National Academy of Sciences of Belarus) and 188.8.131.52 (OVH, France)