Date: Mon, 16 Apr 2012 18:26:48 +0900
From: "Fed Ex SUPPORT 36" [firstname.lastname@example.org]
Subject: FedEx Delivery Confirmation 821630
DEAR USER , Delivery Confirmation: FAILED
PLEASE FILL IN ATTACHED FILE WITH RIGHT ADDRESS AND RESEND TO YOUR PERSONAL MANAGER (Open with Internet Explorer)
With Respect , Your Fed Ex Customer Services

The malicious payload is on pokeronmep.ru:8080/pages/glavctkoasjtct.php (report here), which is hosted on the same IP addresses as those found in this attack. Blocking them would be worthwhile.