Date: Mon, 8 Sep 2014 15:00:22 +0100 [10:00:22 EDT]Attached is an archive RBS_Account_Documents.zip containing a malicious executable RBS_Account_Documents.scr which has a detection rate at VirusTotal of 4/53. The ThreatTrack analysis [pdf] shows that it attempts to download components from the following locations:
From: Vicente Mcneill [Vicente@rbs.co.uk]
Subject: Important Docs
Please review attached documents regarding your account.
Tel: 01322 929655
Fax: 01322 499190
This information is classified as Confidential unless otherwise stated.
18.104.22.168 is SeFlow.it Internet Services, Italy. bullethood.com is on a shared server at GoDaddy. The malware also appears to be attempting to connect to 22.214.171.124 (OVH, France).