Date: Tue, 22 Nov 2011 12:48:52 +0200
From: "LILLIE Stinson" [email@example.com]
Subject: Need your help!
Hello! Look, I've received an unfamiliar bill, have you ordered anything?
Here is the bill
Please reply as soon as possible, because the amount is large and they demand the payment urgently.
Looking forward to your answer
The link goes to a legitimate website that has been hacked, which then redirects to bsredret.ru on 126.96.36.199 (23VNet, Hungary). A Wepawet report for the target page can be found here.
There are a variety of similar emails doing the rounds at the moment, and the IP and URL with the payload seems to change every day. It might be prudent to warn any users you are responsible for to look out..