Date: Wed, 31 Oct 2012 05:06:42 +0300
From: LinkedIn Connections
Subject: Re: Fwd:Scan from a HP ScanJet #26531
Attached document was scanned and sent
to you using a Hewlett-Packard Officejet PRO.
Sent: by Bria
Image(s) : 6
Attachment: Internet Explorer file [.htm]
Hewlett-Packard Officejet Location: machine location not set
The malicious payload is at [donotclick]donkihotik.ru:8080/forum/links/column.php which is hosted on the same IP addresses as this attack yesterday.