Date: Wed, 31 Jan 2012 10:43:44 +0200In this case, the malware is at sulusify.com/search.php?page=73a07bcb51f4be71 (it goes through a couple of redirectors first). A Wepawet report is here.
Subject: ACH payment canceled
The ACH transfer (ID: 64930940909169), recently initiated from your checking account (by you or any other person), was canceled by the Electronic Payments Association.
Transaction ID: 64930940909169
Reason of rejection See details in the report below
Transaction Report report_64930940909169.doc (Microsoft Word Document)
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171
2011 NACHA - The Electronic Payments Association
This is on 126.96.36.199 which is the Endurance International Group.. again. There are several malicious IPs in the 188.8.131.52/19 range now, perhaps indicating a deeper problem with this host.