Date: Mon, 1 Oct 2012 04:16:46 -0500
From: Bebo Service [firstname.lastname@example.org]
Subject: Fwd: ACH Transfer rejected
The ACH debit transfer, initiated from your bank account, was canceled.
Transfer ID: FE-764029897226US
Transaction Report: View
NACHA - The Electronic Payment Association
The malicious payload is at [donotclick]onlinebayunator.ru:8080/forum/links/column.php (probably a Blackhole 2 exploit kit) hosted on the following familiar IPs that should be blocked:
126.96.36.199 (Republic CyberBunker, Antarctica - Amsterdam more likely)
188.8.131.52 (RACSA, Costa Rica)
184.108.40.206 (Myren, Malaysia)
Of note, CyberBunker has a long history of spamming and tolerating criminals. Blocking the range 220.127.116.11/19 should afford your network some additional protection.