The malicious payload is at [donotclick]one.1000houses.biz/links/deep_recover-result.php hosted on 126.96.36.199 (A2 Hosting, US). The domain 1000houses.biz appears to be a legitimate domain where the GoDaddy account has been hacked to serve malware on subdomains. There seems to be a long-standing issue with GoDaddy domains being used in this way.

Date: Tue, 25 Sep 2012 11:42:18 +0200
From: "Better.Business Bureau" [firstname.lastname@example.org]
Subject: Activity Report
Dear business owner, we have received a complaint about your company possible involvement in check cashing and Money Order Scam.
You are asked to provide response to this complaint within 7 days.
Failure to provide the necessary information will result in downgrading your Better Business Bureau rating and possible cancellation of your BBB accreditation status.
Council of Better Business Bureaus
3033 Wilson Blvd, Suite 600
Arlington, VA 22201
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277
Blocking 188.8.131.52 would probably be prudent.