Date: Wed, 23 Nov 2011 08:28:46 +0700The name of the sender varies, but the approach is to use the same domain as the victim to make it look more believable. In the sample I have, the "Here is the photo" link 404s, but you can guarantee that it is malware.. so don't click that link!
Subject: Help! I'm in trouble!
I was at a party, got drunk, couldn't drive the car, somebody gave me a lift on my car, and crossed on the red light many times, I've just got the pictures, maybe you know him?
Here is the photo
I need to find him urgently!
Update: the malicious payload is on blredret.ru (18.104.22.168) at 23vnet Kft in Budapest (again). The Wepawet report is here. Blocking that IP proactively is probably wise.
Update: this spam run is happening again, but with a different set of malicious IPs (read more)