Date: Thu, 20 Sep 2012 09:10:47 -0300The malicious payload (probably Blackhole 2) is at [donotclick]soisokdomen.ru:8080/forum/links/column.php hosted on the following familiar looking IP addresses:
From: Badoo [email@example.com]
Subject: Re: Fwd: Tax Payment COM1684-645 is failed.
Your Federal Tax Payment has been rejected.
Please, check the information and refer to Code I 94 to get details about
your company payment:
The Electronic Federal Tax Payment System
Blocking these would be prudent.