From: The Electronic Payments Association firstname.lastname@example.orgThe malware is on biggestblazer.com/search.php?page=73a07bcb51f4be71 (report here) which is hosted on 184.108.40.206 (Central Host Inc / Zerigo.. yet again). It attempts to download additional components from billydimple.com/forum/index.php?showtopic=656974 on 220.127.116.11 (Linode.. again).
Date: 15 February 2012 13:52
Subject: Rejected ACH payment
The ACH transaction (ID: 44103676925895), recently initiated from your bank account (by you or any other person), was canceled by the Electronic Payments Association.
Transaction ID: 44103676925895
Rejection Reason See details in the report below
Transaction Report report_44103676925895.doc (Microsoft Word Document)
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171
2011 NACHA - The Electronic Payments Association
I've now seen several malicious sites in the 18.104.22.168/24 range, it might be worth considering blocking the whole lot.