Date: Tue, 23 Oct 2012 05:44:05 +0200The malicious payload is at [donotclick]bwdlpjvehrka.ddns.info/links/calls_already_stopping.php hosted on 126.96.36.199 (TheFirst-RU, Russia). Blocking this IP address would be a good move.
Subject: Notification about the rejected Direct Deposit payment
Herewith we are informing you, that your most recent Direct Deposit via ACH transaction (#914555512836) was cancelled, due to your current Direct Deposit software being out of date. Please use the link below to enter the secure section of our web site and see the details::
Please contact your financial institution to acquire the new version of the software.
ACH Network Rules Department
NACHA | The Electronic Payments Association
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171
Phone: 703-561-1100 Fax: 703-787-0996